Under  attack 

Not  satisfied  exploiting  operating  systems  and  Web 
servers,  a  new  survey  says  hackers  have  found  fresh  tar¬ 
gets  this  year.  PAGE  8. 


Slick  as  ICE 

Cisco,  Microsoft  are  developing  Interactive  Connect¬ 
ivity  Establishment  (ICE)  products  that  let  VoIP  calls 
cross  firewalls  without  compromising  security  PAGE  19. 


Change  control 

Keeping  an  accurate,  timely  record  of  network  inventory 
operating  systems  and  device  configurations  is  no  longer 
a  Herculean  task  for  Citigroup.  PAGE  27. 
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f^j|p  WHEN  IT  COMES  TO  FREE  ADVICE,  savvy  network 
executives  know  to  consider  the  source.  That's  why  we 
dug  deep  to  find  the  best  tips  on  tackling  emerging  and  existing 
technologies,  on  managing  vendor  contracts  and  relationships,  and 
on  advancing  your  network  career  to  the  next  level.  And  we  culled 
our  insights  from  a  most  reliable  source  -  your  peers. 


The  best  advice  I  ever  got 

Network  professionals,  industry  watchers  and 
vendor  executives  share  the  tips  that  helped 
them  get  ahead.  Page  40 


Something  for  nothing 

Tips  on  where  to  find  and  how  to  take 
advantage  of  freeware  and  open  source 
applications.  Page  51 


What  works  and  why 

IT  experts  offer  their  advice  on  top  technologies, 
including  VoIP,  WAN  services,  SOA  and 
security.  Page  44 


Indiana  University  goes  wireless 

A  university  network  exec  shares  his 
experiences  and  the  challenges  of  rolling  out 
wireless  across  two  campuses.  Page  53 


When  to  upgrade 

Insiders  share  their  experiences  with 
equipment  life  cycles.  Page  49 


Taking  charge 

Tips  and  tricks  for  tackling  your  responsibilities 
as  a  manager  of  people,  projects  and  vendors. 

Page  56 


The  give  and  take  of  tech  advice.  Page  38 


Hospitals’ 
patch  fears 
on  the  wane 


BY  ELLEN  MESSMER 

In  the  year  or  so  since  conflict 
between  hospitals  and  manufac¬ 
turers  over  the  security  of  net¬ 
worked  medical  devices  went 
public,  much  has  changed  for  the 
better. 

Following  a  Network  World 
series  last  year  about  the  poten¬ 
tially  dangerous  situation  posed 
by  unpatched  patient-care  equip¬ 
ment  on  hospital  networks,  the 
U.S.  government  issued  new 
guidelines  to  manufacturers  that 
clarified  their  responsibilities  and 
many  vendors  changed  their 
approach  to  securing  products,  a 
difference  some  customers  say 
has  been  significant. 

“The  threats  have  abated,”  says 
Dave  McClain,  information  secur¬ 
ity  manager  at  Community  Health 
Network,  an  organization  in  In¬ 
dianapolis  that  operates  five  hos¬ 
pitals.  “A  year  ago  the  vendors 
were  saying  they  wouldn’t  sup¬ 
port  the  contracts  if  we  went 


ahead  with  patching.” 

Imaging,  radiological  and  can¬ 
cer-care  equipment  made  by  GE 
Healthcare,  Siemens,  Agfa,  Kodak’s 
Health  Imaging  Group,  Philips 
Medical  Systems  and  others  is 
often  networked 
and  includes 
commercial  off- 
the-shelf  software. 
Hospitals  have-y 
been  in  a  bind 
because  device 
manufacturers  — 
often  unable  to 
keep  pace  with 
new  worms,  viruses  and  other 
security  threats  —  traditionally 
prohibited  them  from  applying 
software  updates  to  their  medical 
equipment,  threatening  to  cancel 
contracts  or  legal  action. 

While  it  might  be  easy  to  suggest 
that  healthcare  organizations 
should  refrain  from  tying  medical 
devices  to  their  networks,  having 
See  Medical,  page  14 


Online  retailers  ready  for  holiday  crush 


BY  ANN  BEDNARZ 

While  the  Friday  after  Thanks¬ 
giving  is  the  traditional  start  of  the 
holiday  shopping  season,  online 
retailers  are  gearing  up  for  heav¬ 
ier  traffic  beginning  today  —  a 
day  some  industry  watchers  have 


dubbed  “Cyber  Monday 
The  reason  is  it’s  not  until  every¬ 
one  returns  to  work  after  the  holi¬ 
day  weekend  that  the  serious  on¬ 
line  buying  begins. 

“The  following  Monday  is  actu¬ 
ally  even  more  important  than  Fri¬ 


day  It’s  probably  the  busiest  day 
says  Bill  Brown,  director  of  e-com¬ 
merce  and  demand  generation  at 
Alienware,  which  makes  PCs  and 
accessories  for  gaming  enthusi¬ 
asts  and  other  power  users. 

See  Retail,  page  £ 
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BELIEVE  AGAIN. 

Once,  technology  transformed  business  in  a  way  that  made  us  believe  its  potential  was  boundless.  But  over  time,  the 
promise  of  IT  was  challenged  by  sheer  complexity.  Today  there's  reason  to  believe  again.  Computer  Associates  (CA) 
introduces  an  approach  to  managing  technology  called  Enterprise  IT  Management  (EITM).  With  the  range  of  software 
and  expertise  to  unify  systems,  processes  and  people  across  the  enterprise.  Simplify  the  complex.  And  enable  IT  to 
deliver  fully  and  securely  against  your  business  goals.  With  CA  software  solutions,  you  can  reach  a  higher  order  of  IT. 
At  your  own  pace,  on  your  own  path,  with  your  existing  technology  and  partners.  To  learn  more  about  EITM,  and  how 
CA's  new  solutions  can  help  you  unify  and  simplify  your  IT  environment  in  a  secure  way,  visit  ca.com/unify. 
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Fr:  being  alone  with  your  information  management  challenges 


EMC  SERVICES  CAN  HELP  YOU  GET  MORE  FROM  YOUR  INFORMATION.  With  EMC,  you  get  the  combined 
expertise  of  over  7,000  consultants,  specializing  in  everything  from  comprehensive  analysis  and  long-term 
planning  to  proven  implementation  and  support.  It’s  the  insight  you  need  to  archive  information  efficiently, 
enable  compliance,  maintain  business  continuity,  and  take  on  new  challenges.  And  it’s  the  first  step  toward 
creating  an  information  lifecycle  management  strategy  that  fits  your  business.  To  put  EMC’s  award-winning 
services  to  work  for  you,  visit  www.EMC.com/services. 
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Jim  Ricotta,  president  and  CEO  of 
DataPower,  talks  about  SOA,  Web 
services  and  how  his  company,  which 
was  recently  acquired  by  IBM,  can 
help  deal  with  this  application-level 
data  DocFinder:  9950 

Cool  Tools:  Best  tech  holiday  gifts 

With  a  little  inspiration  from  a  classic 
game  show,  Senior  Editor  Keith  Shaw 
highlights  gifts  from  our  annual  Cool 
Yule  Tools  Holiday  Gift  Guide  that  are 
sure  to  please  your  friends,  family  or 
you.  DocFinder:  9951 
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with  Jeff  Crawford,  manager  of  net¬ 
working  and  security  for  the  East 
Grand  Rapids,  Mich.,  School  District, 
about  3Com's  new  all-in-one  security 
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Industry  insiders  will  separate  the  hype  from  the  facts  and  figures  you  need 
to  accurately  allocate  your  '06  dollars.  Qualify  to  attend  free  —  and  the 
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BREAKING  NEWS 

Go  online  for  breaking  news  every  day.  DocFinder:  1001 

Free  emaii  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  1002 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 


6  •  www.networkworid.com  •  11.28.05 


Server  sales  spike,  analysts  report 

■  For  the  first  time,  Microsoft  Windows  was  the  leading  operating  system  in  new 
servers,  as  the  worldwide  server  market  grew  8.1%  in  the  third  quarter,  IDC  said  last 
week.  After  a  long  period  focused  on  cutting  costs  and  buying  servers  just  to 
run  current  applications,  companies  are  once  again  investing  strategically 
in  systems  to  handle  future  workloads,  says  Matt  Eastwood,  an  IDC  ana¬ 
lyst.  Sales  of  Windows  systems  accounted  for  36.9%  of  all  server  revenue  in 
the  quarter,  vs.  3 1.7%  for  Unix  and  1 1.5%  for  Linux.  Server  revenue 
grew  faster  than  IDC’s  projection,  which  was  for  6%  growth.  Also  last 
week,  Gartner  reported  that  worldwide  server  revenue  grew  5.6% 
during  the  third  quarter.  Gains  in  sales  of  servers  costing  less  than 
$25,000  led  the  upward  trend,  according  to  the  research  companies. 


BRIAN  GAIDRY 


Suits  filed  against  Sony  BMG 

■  Sony  BMG  Music  Entertainments  fight  over  its  XCP 
copy-protection  software  shifted  to  the  courts  last 
week  as  Texas  Attorney  General  Greg  Abbott  and 
lawyers  from  the  Electronic  Frontier  Foundation 
moved  to  bring  civil  suits  against  the  entertainment 
giant. Texas  is  the  first  state  to  sue  Sony  over  its  distri¬ 
bution  of  flawed  copy-protection  software,  while  the 
EFFa  digital  rights  watchdog  group  in  San  Francisco, 
said  that  it  would  bring  a  class-action  lawsuit  against 
Sony  in  California. The  Texas  lawsuit  accuses  Sony  of 
violating  the  state’s  2005  anti-spyware  law  by  distribut¬ 
ing  the  software  on  52  of  the  company’s  music  titles 
this  year.  Further  lawsuit  details  are  available  at  www. 
networkworld.com,  DocFinder:  9967.The  EFFs  lawsuit 
will  seek  unspecified  compensation  for  XCP  cus¬ 
tomers  and  will  draw  attention  to  a  second  copy¬ 
protection  product  that  ships  with  Sony  CDs,  called 
MediaMax. 

Deal  falls  through  in  CSC  buy 

■  Lockheed  Martin  has  apparently  lost  interest  in 
outsourced  IT  provider  Computer  Sciences  Corp. 
The  IT  sendees  firm,  which  specializes  in  govern¬ 
ment  contracts,  had  been  eyed  by  defense  giant 
Lockheed  Martin,  but  The  Wall  Street  Journal  has 
reported  that  talks  have  broken  down.  That  news 
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“We  all  work  for  Google, 
though  we  may  not  get  paid. 
We  improve  Google’s  algorithm 
to  the  extent  we  use”  the 
search  engine. 

Seth  Goldstein,  CEO,  Root  Markets,  speaking  at  the  Symposium 
on  Social  Architecture,  Cambridge,  Mass. 


sent  CSC’s  stock  —  which  had  jumped  20%  during 
the  last  month  as  a  result  of  the  buyout  talks  —  tum¬ 
bling  early  last  week  to  $48  from  about  $54  days 
before.  CSC  was  asking  $65  per  share,  or  about  $12 
billion.  According  to  some  reports,  the  price  tag 
proved  to  be  too  much  for  Lockheed  and  a  group  of 
private  equity  investors  who  were  negotiating  the 
CSC  buy.  It’s  unclear  whether  there  are  other  bid¬ 
ders,  and  CSC  did  not  immediately  return  calls  for 
comment.  But  analysts  say  potential  customers 
should  keep  track  of  where  CSC  is  headed,  because 
new  management  could  affect  services. 


“Election  day  in  Washington  has 
a  new  twist!  Enter  Left  -  Right  - 
Left  -  Right  -  B  -  A-  Start  -  Start  to 
cast  an  extra  vote  for  the  candi¬ 
date  of  your  choice.  ” 

J.D.  Roman  of  Harper  Woods,  Mich.,  wins  this  week's  honors  in  our  latest  Weekly 
Caption  Contest  Check  back  every  Monday  for  the  start  of  a  new  round. 
www.networkworld.com/weblogs/layer8 


TheGoodTheBadTheUgly 

Spam  fight  song.  Several  anti-spam  organizations  and 
vendors  are  uniting  to  fight  spam  by  running  a  music  video  contest 
(www.networkworld.com,  DocFinder:  9969).  FixingEmail.org  and  iFILM 
are  among  the  outfits  looking  for  the  best  short  music  video  featuring 
a  three-chord  punk-pop  song  called  "Spam  Free  or  Die."  The  winner 
will  receive  S10.000  and  have  the  video  aired  on  national  radio  and 
television  in  addition  to  several  Web  sites,  the  promoters  say. 

<  Shoppers  beware.  Despite  the  increasing  size  of 
the  online  shopping  market,  one  in  four  U.S.  consumers  won’t 
shop  online  during  this  holiday  season  because  of  concerns 
over  buying  goods  online,  according  to  a  new  survey.  A 
mqjor  concern  of  consumers  when  shopping  online  is  the 
fear  that  their  personal  information  will  be  sold  to  a  third 
party,  according  to  the  survey,  which  was  commissioned  by 
the  Business  Software  Alliance  and  conducted  by  Forrester 
Custom  Consumer  Research.  It  surveyed  1,099  consumers. 
The  survey  found  79%  of  people  worried  about  such  a  sale 
of  their  information.  Another  big  concern  was  identity  theft  (74%), 
and  consumers  were  also  worried  about  spam,  credit  card  fraud  and 
computer  viruses,  the  survey  found. 

FBI  warning.  We're  not  saying  the  FBI  isn't  after  you,  but  at 
least  in  this  case  you  can  breathe  a  sigh  of  relief.  The  agency  last  week 
warned  the  public  not  to  be  fooled  by  a  new  e-mail  scheme  in  which 
message  recipients  are  told  their  Internet  use  has  been  monitored  by 
the  FBI. 

Cisco  buys  IP  PBX  mgmt.  software 

■  Cisco  last  week  followed  up  its  mega-acquisi¬ 
tion  of  cable-box  maker  Scientific-Atlanta  with  a 
quieter  deal,  buying  software  for  managing  IP  PBX 
deployments  from  Digital  Fairway,  a  maker  of  car¬ 
rier  and  enterprise  voice-  and  video-management 
software.  The  acquisition  of  Digital  Fairway  tech¬ 
nology  gives  Cisco  software  that  could  help  make 
VoIP  rollouts  simpler.  IP  phone  and  telco  circuit 
management  is  a  top  concern  for  large  compa¬ 
nies  rolling  out  VoIP  Digital  Fairway  makes  soft¬ 
ware  that  lets  carriers  manage,  bill  for,  and  provi¬ 
sion  VoIP  and  video  services  for  business  and  res¬ 
idential  customers. The  company  also  makes  soft¬ 
ware  for  enterprises  to  manage  telecom  circuits 
and  VoIP  services  from  carriers.  Its  products 
include  management  software  for  automating  the 
setup  of  IP  phones  and  converged  applications 
for  business  end  users.  Cisco  is  paying  $15.25  mil¬ 
lion  for  the  intellectual  property  and  software 
assets. 

AT&T  revives  AT&T  Wireless  brand 

■  AT&T  will  resurrect  the  AT&T  Wireless  brand 
name  for  its  Cingular-based  wireless  service. 
Cingular  is  a  jointly  owned  venture  of  AT&T  —  the 
company  formed  from  last  week’s  closure  of  SBC’s 
acquisition  of  AT&T  —  and  BellSouth.  Both  carriers, 
though,  have  the  right  to  rebrand  the  service 
according  to  the  contractual  terms  of  their  Cingular 
relationship. 
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Cyberattacks  shift  to  apps,  net  devices 
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BY  ROBERT  MCMILLAN 
AND  CARA  GARRETSON 

After  years  of  writing  viruses 
and  worms  for  operating  systems 
and  software  running  on  Internet 
servers,  hackers  have  switched 
their  focus  to  network  devices 
and  applications  in  2005,  a  new 
report  says. 

Attackers  have  targeted  back-up 
software  and  even  the  security 
software  designed  to  protect  com¬ 
puters,  according  to  the  2005 
SANS  top-20  list  of  the  most  criti¬ 
cal  Internet  security  vulnerabili¬ 
ties,  says  Alan  Paller,  director  of 
research  with  the  SANS  Institute,  a 
training  organization  for  comput¬ 
er  security  professionals. 

“There  has  been  a  90-degree 
turn  in  the  way  attackers  are  com¬ 
ing  after  you,”  Paller  says.  Most  or¬ 


ganizations  have  adopted  means 
to  automatically  patch  vulnerabil¬ 
ities  in  operating  systems,  he  says, 
but  not  in  applications.  “Those 
applications  don't  have  automat¬ 
ed  patching,  so  we’re  back  to  the 
Stone  Age.” 

By  exploiting  flaws  in  network 
gear,  hackers  are  finding  their 
way  onto  corporate  networks. 
“Other  more-sophisticated  at¬ 
tackers  found  they  could  use 
vulnerabilities  in  network  de¬ 
vices  to  set  up  listening  posts 
where  they  could  collect  criti¬ 
cal  information  that  would  get 
them  into  the  sites  they  wanted,” 
he  says. 

This  new  focus  on  client  appli¬ 
cations  and  network  products  has 
happened  because  so  many  serv¬ 
er-side  and  operating-system  bugs 


have  been  fixed,  says  Gerhard 
Eschelbeck,  CTO  and  vice  presi¬ 
dent  of  engineering  with  Qualys, 
and  a  contributor  to  this  year’s  list. 
“A  lot  of  the  low-hanging  fruit  has 
been  identified  nowf  he  says. “We 
really  reached  a  tipping  point  ear¬ 
lier  this  year,  where  people  started 
to  look  aggressively  at  client-side 
applications.” 

Security  researchers  also  started 
looking  at  vulnerabilities  in  net¬ 
work  products,  thanks  in  part  to  a 
controversial  presentation  by 
security  researcher  Michael  Lynn 
at  this  year’s  Black  Hat  2005  con¬ 
ference  in  Las  Vegas.  Cisco  sued 
Lynn  after  he  discussed  security 
problems  in  the  Internetwork 
Operating  System  software  used 
by  Cisco’s  routers. 

This  is  the  first  year  that  network 


Retail 

continued  from  page  1 

Alienware  aims  certain  Web  deals  at  post-Thanks- 
giving  shoppers,  but  many  of  its  promotional  e-mails 
don’t  get  read  until  people  get 
back  to  work  after  the  holiday, 

Brown  says.  “We  have  as  many 
people  shopping  at  work  as  we 
do  at  home.  We’re  prepared  for  a 
lot  of  visit  activity  beginning 
Monda/ 

People  at  work  are  among  the 
key  contributors  to  the  post- 
Thanksgiving  online  shopping 
surge,  according  to  Shop.org,  a 
retail  association  and  division  of 
the  National  Retail  Federation 
(NRF).  Shop.org  and  BizRate  Re 
search  paired  up  on  a  study  that  found  37%  of  con¬ 
sumers  plan  to  use  Internet  access  at  work  to  browse 
or  buy  gifts  online  this  holiday  season. 

Looking  back,  77%  of  online  retailers  saw  substan¬ 
tial  sales  increases  last  year  on  the  Monday  after 
Thanksgiving,  Shop.org  says.  In  anticipation  of  this 
year’s  onslaught,  retailers  have  spent  months  gearing 
up  for  the  season  that  can  make  or  break  fiscal 
expectations. 

Pendleton  Woolen  Mills  selected  new  order  man¬ 
agement  and  fulfillment  software  last  year,  but  delib¬ 
erately  waited  until  after  the  2004  holiday  rush  to 
begin  putting  the  new  technologies  in  production.  It 
went  live  with  the  first  phase  of  its  CommercialWare 
implementation,  for  its  catalog  business,  on  Jan.  15, 
followed  by  rollouts  for  its  Web  operations  in  June 
and  retail  stores  in  September.  Pendleton  Woolen 
Mills  manufactures  textiles  and  apparel,  which  it  sells 
wholesale  as  well  as  direct  to  consumers  through  its 
stores,  online  and  catalog  operations. 

"I  always  think  about  how  many  fires  we  can  fight 
at  one  time,”  says  David  Anderson,  information  ser¬ 
vices  manager  for  the  Fbrtland,Ore.,company“Bring- 


ing  all  that  up  at  one  time  is  very  difficult,  so  we 
brought  it  up  one  big  piece  at  a  time.” 

Ebates,  too,  got  started  early  fine-tuning  its  Web  site 
for  the  holiday  rush.The  online  shopping  portal  used 
survey  technology  from  WebSurveyor  to  poll  visitors 
and  find  out  how  they  used  the 
site,  and  what  types  of  coupons, 
rebates  and  other  promotions  are 
most  important  to  them. 

Ebates  took  data  gleaned  from 
the  surveys,  which  it  started  run¬ 
ning  in  April,  and  used  it  to  fine- 
tune  a  Web  site  redesign,  says 
Markus  Mullarkey,  senior  vice 
president  of  sales  and  marketing 
at  the  San  Francisco  company. 

“We  did  a  site  redesign  on  Oct.  1, 
which  was  deliberately  done  pre¬ 
holiday  It  was  important  for  us  to 
get  some  of  the  feedback  prior  to  the  site  redesign,” 
Mullarkey  says.“Now  it’s  ready  for  crunch  time.” 

Some  retail  analysts  are  optimistic  about  the  2005 
holiday  season.  NRF  last  week  upped  its  holiday 
sales  forecast  to  $440  billion,  a  6%  gain  over  the  2004 
season.  In  September  it  had  forecast  a  5%  holiday 
sales  gain. 

On  the  online  front,  comScore  Networks  estimates 
that  consumer  spending  at  U.S.  Internet  sites  (exclud¬ 
ing  travel  sites)  will  exceed  $19  billion  during  the 
2005  holiday  season,  up  24%  over  last  year. 

Not  all  the  news  is  rosy  Security  concerns  will  keep 
some  shoppers  offline  this  season, according  to  new 
data  from  the  Business  Software  Alliance  (BSA). 

Among  1,099  online  U.S.  consumers,  24%  said  they 
won’t  shop  online  this  holiday  season  because  of 
Internet  security  concerns.  The  majority  (84%)  say 
some  retailers  have  not  done  enough  to  protect  their 
consumers,  BSA  reports.  Consumers’  biggest  security 
concerns  have  to  do  with  personal  information 
being  sold  to  a  third  party  (79%),  identity  theft  (74%), 
spam  (72%),  credit  card  fraud  (67%)  and  computer 
viruses  (60%).  ■ 


Shopping  habits 

Among  nearly  2,000  online 
shoppers,  37% 
said  they  plan  to  use  Internet 
access  at  work  to  browse  or 
buy  gifts  online  this  holiday 
season,  according  to  research 
from  retail  association 
Shop.org. 


products  have  appeared  on  the 
SANS  list,  with  Cisco  vulnerabili¬ 
ties  taking  three  of  the  20  slots.The 
list  includes  nine  common  appli¬ 
cation  vulnerabilities,  two  Unix 
problems  and  six  Windows  issues, 
all  of  which  “deserve  immediate 
attention  from  security  profession¬ 
als,”  according  to  SANS. 

One  way  to  prevent  such  secu¬ 
rity  flaws  is  to  demand  that  ven¬ 
dors  deliver  hardened  products  to 
begin  with,  Paller  says.  For  exam¬ 
ple,  the  U.S.  Air  Force  gave  Micro¬ 
soft  a  large  sum  of  money  to 
develop  a  secure  version  of  Win¬ 
dows  that  now  runs  at  two  sites. 

“The  Air  Force  decided  it 
couldn’t  afford  to  keep  buying 
broken  software  from  Microsoft,” 
he  says.  “We  think  that  action  is 
the  herald  of  what  will  one  day 
.. .  .turn  the  tide, with  the  govern¬ 
ment  leading  by  example.  It 
doesn’t  take  much  of  that  to  turn 
vendors  into  security  vendors.” 

The  SANS  top-20  list,  published 
annually  since  2000,  is  compiled 
by  representatives  from  a  variety 
of  computer-security  organiza¬ 
tions,  including  the  U.S.  Computer 
Emergency  Response  Team,  the 
British  government’s  National 
Infrastructure  Security  Co-ordin¬ 
ation  Centre  and  the  SANS 
Internet  Storm  Center.  The  list 
is  designed  to  give  security 
professionals  a  quick  sense  of  the 
industry’s  consensus  on  which 
commonly  targeted  security  vul¬ 
nerabilities  require  their  most 
immediate  attention.  It  has  tradi¬ 
tionally  focused  on  Windows  and 
Unix  vulnerabilities,  as  well  as 
problems  with  some  server-side 
applications. 

The  SANS  list  is  available  at 
www.sans.org/top20/. 

McMillan  is  a  correspondent 
with  the  IDG  News  Sewice. 
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IT  road  map  event 

Could  you  be  underestimating  next  year’s 
security  costs?  Reality-check  your  IT 
plans  for  '06  at  this  Network  World 
event  for  IT  executives  with  no  time  for 
hype  and  no  room  for  error.  Register 
now  to  attend  free. 
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Alcatel  plays  catch-up  with  1 0G  switches 


Switching  up 

How  Alcatel’s  new  10G  switch  stacks  up  against  competitors. 


Vendor 

Product 

Ports 

Fiber  16 

10G 

Copper  1G 

3Com 

Switch  8800 

24 

288 

288 

Alcatel 

OS  9800 

32 

384 

384 

Cisco 

Catalyst  6500 

28 

336 

336 

Extreme 

Black  Diamond 

48 

480 

480 

Foundry 

Biglron  RX 

64 

384 

384 

ForcelO 

E1200 

224 

1,260 

336 

Nortel 

8600 

24 

240 

240 

BY  PHIL  HOCHMUTH 

Alcatel  this  week  is  to  launch 
two  switches  targeted  for  corpo¬ 
rate-backbone  and  data-center 
deployments, where  Gigabit  Ether¬ 
net  links  are  either  aggregated 
from  stacks  of  LAN-edge  switches 
in  wiring  closets  or  from  racks  of 
Gigabit-enabled  servers. 

The  OmniSwitch  9700  switch  is 
a  10-slot  chassis,  while  the  9800 
switch  includes  18  slots.  When 
configured  with  two  redundant 
management  modules  and  two 
fabrics,  the  boxes  can  hold  as 
many  as  six  and  14  service 
blades,  respectively 

Both  switches  include  IPv4  and 
IPv6  support  on  all  port  inter¬ 
faces.  The  switch  software  also 
allows  the  device  to  tunnel  IPv4 
and  IPv6  links  together,  allowing 


disparate  networks  running  differ¬ 
ent  versions  of  IP  to  connect.The 
devices  come  standard  with  full 
Layer  3  routing  and  complete  pro¬ 
tocol  support  —  OSPB  RIP  ver¬ 
sions  1  and  2;  and  BGP 

The  new  OmniSwitches  also 
support  advanced  virtual  LAN 
(VLAN)  configurations  and  multi¬ 
cast  deployments,  which  can  be 
useful  when  running  redundant 
clusters  of  servers  in  a  data  center, 
with  non-clustered  machines.  Al¬ 
catel’s  switch  software  allows  for 
Layer  2  multicast  broadcasting  of 
packet  streams  to  one  or  more 
VLANs;  this  allows  some  servers 
attached  to  the  switch  to  receive 
the  replicated  packets,  while  oth¬ 
ers  do  not. 

(See  a  graphic  of  how  Alcatel’s 
Layer  2  VLAN  multicasting  tech¬ 


nology  works  at  www.network 
world.com,  DocFinder:  9964.) 

The  new  OmniSwitches  are  up¬ 
grades  from  previous  OmniSwitch 
8000  series  chassis,  and  offer  more 
switching  capacity  than  the  previ¬ 


ous  boxes. 

The  switches  support  standard 
QoS  at  Layer  2  with  802. Ip  traffic 
prioritization.  The  switches  can 
map  Layer  3  Type  of  Service  and 
DiffServ  QoS  settings  to  Layer  2 


802. Ip  priority  queues,  which 
allows  prioritized  traffic  from  dif¬ 
ferent  networks  to  maintain  QoS 
settings,  Alcatel  says. 

Analysts  say  the  products  dp  not 
break  new  ground  in  terms  of 
speeds  and  feeds.  However,  they 
do  fill  a  void  in  Alcatel’s  high-end 
switching  portfolio, and  bring  it  up 
to  the  same  level  as  competitors 
3Com,  Cisco,  Nortel,  Extreme, 
Foundry  and  others. 

“It  was  a  hole  in  [Alcatel’s]  port¬ 
folio,  and  it’s  an  important  thing 
for  them  to  have,”  says  Burton 
Group  analyst  Daniel  Golding, 
regarding  high-density  10  Gigabit 
Ethernet.  (Listen  to  an  analysis  of 
Alcatel  and  the  10G  Ethernet  mar¬ 
ket  by  Golding.  See  DocFinder 
9965.) 

Industry  watchers  say  10G 
switch  shipments  are  growing,  as 
Dell’Oro  Group  expects  ship¬ 
ments  of  10G  ports  to  grow  from 
174,000  ports  in  2005  to  854,000 
ports  in  2006. 

But  this  is  still  a  small  fraction  of 
the  market,  which  was  around  276 
million  ports  in  2004.  In  other 
words,  analysts  say,  10G  is  still  a 
technology  answer  without  a 
problem  to  solve. 

“The  only  thing  that’s  really 
going  to  push  the  need  for  10G 
Ethernet  ...  are  applications  like 
desktop  video,”  Burton  Group’s 
Golding  says.  “This  is  something 
that  historically  IT  departments 
have  not  been  pushing.” 

Bandwidth  drivers 

However,  drivers  for  more  band¬ 
width  could  come  as  laptop  com¬ 
puters,  such  as  the  latest  Apple 
iBook,  start  shipping  with  built-in 
video  cameras,  and  Gigabit  ports 
become  a  standard  feature  on 
desktops. 

“If  you  have  cameras  in  every 
laptop,  people  may  starting  doing 
video  conferencing  from  the 
edge,  the  same  way  instant  mes¬ 
saging  took  off,”  Golding  says. 
“Right  now  that’s  the  best  possibil¬ 
ity  .. .  for  an  application  that  might 
drive  [10G  Ethernet].” 

The  OmniSwitch  9700  and  9800 
are  expected  to  be  available  in 
December,  starting  at  $4,000  for  a 
bare  chassis  and  $24,000  for  a 
chassis  with  redundant  manage 
ment  and  switch  fabric  blades. 
Gigabit  ports  cost  about  $583,  and 
10G  ports  cost  about  $7,240  with 
optics  included  ■ 


Microsoft  opening  up  document  format 


BY  JOHN  FONTANA 

Microsoft  last  week  weighed  in  on  the 
debate  over  open-document  file  formats,  say¬ 
ing  it  would  seek  standardization  of  the  XML 
formats  it  is  developing  for  the  forthcoming 
Office  12,  as  well  as  provide  tools  to  convert 
existing  Office  documents  to  the  new  technol¬ 
ogy;  The  company  also  said  it  will  not  seek 
legal  action  against  companies  that  build  the 
formats  into  their  products. 

For  users,  Microsoft  is  trying  to  take  the 
shackles  off  its  desktop  Office  applications 
using  XML. The  company  aims  to  separate  the 
data  from  the  applications  so  the  data  can  be 
shared  with  back-end  systems,  such  as  ERP 
and  CRM,  or  injected  into  business-process 
workflows.  With  the  standardization  efforts, 
Microsoft  hopes  the  open  formats  will  ease 
user  concerns  over  long-term  storage,  manage¬ 
ment  and  retrieval  of  data. 

The  company  and  a  group  of  partners, 
including  vendors  such  as  Intel  and  users 
such  as  Barclays  Capital,  said  it  would  sub¬ 
mit  its  Office  Open  XML  document  format 
to  the  European  Computer  Manufacturers 
Association  (ECMA).  Microsoft  and  its  part¬ 
ners  then  hope  ECMA  will  submit  its  work 
to  the  International  Organization  for 
Standardization. 

Earlier  this  year,  Microsoft  announced  Open 
XML  would  be  the  default  format  for  Word, 
Excel  and  FbwerFbint  in  Office  12. 

“From  an  enterprise  standpoint,  you  don’t 
want  to  store  documents  in  a  proprietary  for¬ 
mat,”  says  Chris  LeTocq,  an  analyst  with 
Guernsey  Research.  “Who  knows  what  you 
might  be  charged  to  read  it  10  years  from 
now?’ 


LeTocq  says  Microsoft  realizes  it  has  to  have 
an  answer.“They  have  to  be  able  to  claim  some 
degree  of  openness.” 

Microsoft  already  offers  open  and  royalty- 
free  licenses  and  documentation  for  the  XML 
Reference  Schemas  in  Office  2003,  but  recent 
events  seem  to  be  pushing  it  to  go  further. 

The  company  is  feeling  pressure  after  a  deci¬ 
sion  earlier  this  year  by  the  commonwealth  of 
Massachusetts  to  adopt  a  standard  open-file 
format  called  OpenDocument  by  2007  and 
efforts  by  IBM,  Sun,  Google  and  others  to  rally 
industry  support  for  the  XML-based  format. 

OpenDocument  was  developed  by  the 
Organization  for  the  Advancement  of  Struc¬ 
tured  Information  Standards  (OASIS),  which 
has  submitted  its  format  to  the  ISO  for  stan¬ 
dardization, the  same  organization  Microsoft  is 
targeting. 

And  Microsoft  has  a  history  of  turning  to 
ECMA  for  standardization  efforts,  including 
submitting  its  C#  programming  language  at  a 
time  when  Java  was  gaining  popularity 

Microsoft  says  its  Open  XML  move  is  not  a 
reaction  but  a  strategy 

“Standardization  was  part  of  our  plan  with 
Office  12  [formats]  from  the  beginning,”  says 
Alan  Yates,  director  of  information  worker  strat¬ 
egy  at  Microsoft.  “It  was  painful  during  the 
Massachusetts  debate  not  to  be  able  to  say 
where  we  were  headed.”  Yates  said  Microsoft 
was  waiting  for  the  Office  12  beta  release  and 
next  month's  ECMA  meeting,  as  well  as  getting 
partners  lined  up. 

The  first  beta  of  Office  12  was  shipped  two 
weeks  ago.  A  second  beta  is  planned  for 
March,  with  final  shipment  slated  for  the  sec¬ 
ond  half  of  2006.The  beta  includes  add-ons  for 


Office  2000, 2003  and  XP  so  those  applications 
can  read  and  write  the  new  OpenXML  formats. 
Users  can  open  documents  created  in  older 
Office  programs,  say  Office  97,  and  convert 
them  into  a  current  format  and  then  into  an 
OpenXML  document.  The  beta  includes  a 
batch-converter  tool. 

Yates  says  OpenDocument  and  Open  XML 
cannot  be  compared. 

“OpenDocument  is  not  focused  on  the  bil¬ 
lions  of  documents  and  bringing  them  into  the 
Open  XML  future,  it  is  not  focused  on  the 
Office  12  level  of  functionality  not  focused  on 
using  documents  as  transports  of  data  within 
organizations.  There  are  multiple  differences,” 
Yates  says. 

Observers  say  the  proof  of  Microsoft’s  inten¬ 
tions  will  be  revealed  in  the  details  of  the 
license  for  the  formats.  Microsoft  said  last  week 
that  Open  XML  will  be  offered  with  an  “irrevo¬ 
cable  covenant  not  to  sue  anyone  for  use  of 
our  XML  format  specifications.” 

Regardless,  some  say  that  having  choices  is 
the  real  issue. 

“We  encourage  moves  toward  more  open¬ 
ness  and  more  interoperability,  which  this 
announcement  is,  and  it  is  a  positive  move  for 
Microsoft’s  customers,”  says  Chris  Darby,  the 
general  manger  of  the  XML  products  division 
at  Intel.  But  Darby  says  that  “open”  is  a  tough 
word  to  define  and  that  customers  will  ulti¬ 
mately  decide  what  is  best  for  their  needs.  Intel 
also  has  been  supportive  of  the  file  format 
efforts  of  OASIS.  ■ 
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Medical 

continued  from  page  1 

systems  interconnected  can  pay 
dividends  in  terms  of  manage 
ment  and  data  sharing. 

For  years,  manufacturers  had 
been  telling  customers  that  they 
couldn’t  provide  timely  patches 
because  the  U.S.  regulatory  body 
in  charge  of  medical-device  safe 
ty,  the  Food  and  Drug  Admin¬ 
istration  (FDA),  had  to  approve 
the  software  fixes  first  in  a  lengthy 
inspection  process. 

But  inquiries  last  year  to  the  FDA 
division  in  charge,  the  Center  for 
Devices  and  Radiological  Health, 
revealed  that  the  FDA  had  no 
such  rules.  This  shattered  a  myth 
that  had  been  at  best  a  misunder¬ 
standing  and  at  worst  a  deceit. 

Since  then,  much  of  the  change 
in  the  dialogue  among  manufac¬ 
turers  and  hospital  IT  staff  can  be 
attributed  to  FDA  guidance.  The 
agency  has  made  clear  it  isn’t 
opposed  on  principle  to  cus¬ 
tomers  patching  medical  devices. 

“There  is  no  FDA  legal  require¬ 
ment  that  would  prevent  the  user 
from  installing  patches  without 
prior  approval  from  the  device 
manufacturer,"  says  John  Murray, 
the  FDAs  software  and  electronic- 
records  compliance  expert. 

In  its  “Guidance  for  Industry: 
Cybersecurity  for  Networked 
Medical  Devices  Containing  Off- 
the-Shelf  Software,”  the  FDA  told 
manufacturers  that  they  “bear  the 
responsibility  for  the  continued 
safe  and  effective  performance  of 
the  medical  device,  including  the 
performance  of  the  off-the-shelf 
software  that  is  part  of  the  device.” 

The  document  also  states:  “The 
need  to  be  vigilant  and  respon¬ 
sive  to  cybersecurity  vulnerabili¬ 
ties  is  part  of  your  obligation.” 

The  FDAs  guidelines  require 
manufacturers  to  perform  soft¬ 
ware  validation  and  risk  analysis 
on  patches.  But  the  FDA  made 
clear  that  it  does  not  require  an 
extensive  pre-market  review  for  a 
device  implementing  a  software 
patch,  though  the  agency  wants 
vendors  to  report  regularly  to  the 
FDA  on  the  process. 

The  agency  will  take  a  closer 
look  if  the  software  patch  affects 
how  the  medical  device  treats  dis¬ 
eases,  or  if  it  affects  device  effec¬ 
tiveness  or  safety. 

The  FDA  told  medical-device 
manufacturers  they  should  estab¬ 
lish  formal  business  relationships 
with  commercial  software  ven¬ 
dors  and  validate  software 


changes  to  medical  devices  to 
address  cybersecurity  vulnerabili¬ 
ties. 

And  “because  of  the  frequency 
of  the  cybersecurity  patches,”  says 
the  FDA,  manufacturers  should 
come  up  with  a  “single  cybersecu¬ 
rity  maintenance  plan.” 

The  plan  could  allow  the  manu¬ 
facturers  to  delegate  tasks  to  cus¬ 
tomers,  the  software  vendor  or 
third  parties,  the  FDA  said. 

Community  Health  Network’s 
McClain  says  relations  with  de¬ 
vice  manufacturers  have  im¬ 
proved  noticeably  on  patching 
issues.  He  consults  with  all  his 
vendors,  including  GE  Medical, 
Agfa  and  McKesson,  when  the 
hospital  decides  to  patch  medical 
devices.  This  is  especially  true  on 
the  large,  cumulative  patches  that 


Microsoft  has  released  periodical¬ 
ly  over  the  past  year. 

“If  there’s  an  urgent  patch 
[where  a  breach  could  be 
opened]  without  it,  we  let  the  ven¬ 
dors  know  we’re  doing  it,”  he  says. 

Other  organizations,  including 
the  U.S.  Department  of  Veterans 
Affairs,  are  more  comfortable  ad¬ 
hering  to  a  policy  that  a  customer 
make  no  modification  to  a  med¬ 
ical  device,  unless  the  manufac¬ 
turer  “explicitly  supports  the  mod¬ 
ification,”  says  Steven  Wexler,  bio¬ 
medical  engineer  at  the  agency. 

Wexler  has  helped  the  agency 
and  the  VA  hospitals  craft  a  policy 
that  emphasizes  network  defens¬ 
es,  such  as  intrusion-detection 
and  prevention  and  network  seg¬ 
mentation  of  medical  devices 
through  virtual  LANs  (VLAN). 

Some  IT  professionals  say  man¬ 
ufacturers  are  sometimes  part  of 
the  problem  and  there’s  a  long 
way  to  go  to  improve  the  intrinsic 
security  of  medical  devices. 

“Vendors  have  introduced  virus¬ 
es  into  the  network,"  says  Bill 
Bailey,  enterprise  architect  in 


ProHealth  Care,  Milwaukee.  Bailey 
has  advocated  that  the  FDA  play  a 
stronger  role  in  policy  for  net¬ 
worked  medical  devices. 

Although  Bailey  says  he  per¬ 
ceives  “no  sea  change”  in  security 
for  medical  devices  over  the  past 
year,  he  does  see  substantial 
progress  in  certain  areas. 

He  notes  that  a  few  vendors, 
including  GE  Medical  and  Agfa, 
are  exploring  ways  to  monitor 
devices  such  as  cardiac  monitors 
and  imaging  systems  so  patch 
updates  for  Windows  or  Unix 
might  be  applied  remotely 

Bailey  points  to  specialized  gate¬ 
ways  that  both  manufacturers  are 
testing  at  ProHealth  to  monitor 
patient-care  equipment  for  securi¬ 
ty  purposes.  “The  gateway  sits 
onsite  to  act  as  a  Layer  3  security 


bridge,”  he  says. 

While  such  specialized  medical- 
device  gateways  might  one  day 
become  common,  Bailey  also 
sees  a  downside:  They  would  be 
another  device  to  monitor. 

Manufacturers  say  they’re  striv¬ 
ing  to  find  common  ground  with 
customers  and  to  improve  securi¬ 
ty  in  medical  devices. 

Agfa,  for  one,  maintains  that  the 
FDAs  cybersecurity  guidelines 
have  helped  to  promote  a  more 
positive  dialogue. 

“Prior  to  that,  there  was  a  cloud 
hanging  over  the  whole  thing," 
says  Tim  Artz,  Agfa’s  director  of 
global  government  programs. 

The  FDAs  guidance  prompted 
Agfa  to  undertake  a  broad  assess¬ 
ment  of  its  products.  “The  risk  of 
applying  patches  is  very  extreme¬ 
ly  low"  Artz  says,  adding  Agfa  is 
exploring  ways  it  might  automate 
security  updates  to  devices  that 
“would  be  done  in  line  with  cus¬ 
tomers’  policies.” 

Even  before  the  FDA  guidelines 
appeared, Agfa  had  been  involved 
in  an  Air  Force-run  program  to 


make  sure  imaging  devices,  which 
can  share  patient  data  remotely, 
would  be  kept  patched  and  main¬ 
tained  according  to  Air  Force  pro¬ 
cedures.  That  effort,  which  re¬ 
quired  extensive  testing  of  Agfa 
teleradiology  machines  by  the  Air 
Force,  earned  the  vendor’s  equip¬ 
ment  the  “Certificate  of  Networth- 
iness”  from  the  Air  Force. 

Last  summer  the  FDA  eyed  the 
certificate  program  for  medical 
devices  as  a  process  it  might 
espouse  for  broader  use.  However, 
that  effort  is  not  currently  being 
pursued,  according  to  the  FDA. 

Philips  Medical  Systems  and  GE 
Medical  also  want  to  make  it  easi¬ 
er  and  faster  to  apply  patches,  but 
worry  the  patching  process  could 
have  repercussions  if  it  eludes 
their  control. 


As  far  as  policy  goes,  Philips 
“warns”  against  any  modification 
of  its  devices  “unless  modifica¬ 
tions  are  authorized  in  writing  by 
Philips,”  says  Nick  Mankovich, 
director  of  product  security 

Philips,  which  validates  software 
patches,  typically  has  its  own  ser¬ 
vice  staff  apply  them  to  customer 
equipment.  There  are  no  set  time 
frames  for  this. 

Mankovich  says  Philips  will  let 
customers  install  patches  and 
anti-virus  protection  on  some 
devices,  but  only  with  specific 
authorization  from  the  vendor. 

Philips  has  focused  on  “harden¬ 
ing"  commercial  operation  sys¬ 
tems  and  applications  used  in  its 
ultrasound  and  tomography 
scanners, as  well  as  cardiac  mon¬ 
itoring  and  cardiovascular  sys¬ 
tems,  so  that  unused  services 
and  ports  are  closed  and  inter¬ 
nal  firewalls  are  incorporated 
into  the  devices. 

Mankovich  notes  that  Philips, 
along  with  other  manufacturers,  is 
working  on  ways  to  patch  that  will 
be  “designed,  validated  and  veri¬ 


fied  for  use  by  customer  staff 
where  feasible.” 

Device  manufacturers  see  the 
dark  side  of  patching,  particularly 
the  disruptions  a  patch  can  cause 
when  it’s  flawed  or  interferes  with 
a  machine’s  operation. 

“All  patches  are  guilty  until 
proven  innocent," says  Scott  Bolte, 
GE  Healthcare  product-security 
program  manager.  “An  unexpect¬ 
ed  side  effect  of  a  patch,  one  that 
disrupts  normal  operations,  is 
annoying  on  a  general-purpose 
system  such  as  your  desktop.  The 
same  side  effect  on  a  medical 
device  is  intolerable.” 

Because  medical  systems  are 
sold  internationally  device  makers 
periodically  get  together  to  hash 
out  answers  on  a  global  basis. 

One  important  forum  for  doing 
this  is  the  Joint  Security  and 
Privacy  Committee,  which  unites 
three  regional  industry  groups:  the 
National  Electrical  Manufacturers 
Association  in  the  United  States, 
the  European  Coordination  Com¬ 
mittee  of  the  Radiological  and 
Electromedical  Industry  and  the 
Japan  Industries  Association  of 
Radiological  Systems. 

Stephen  Vastagh,  the  secretary 
for  the  Joint  Security  and  Privacy 
Committee  in  Washington,  D.C., 
points  to  the  difficulties  in  manag¬ 
ing  IT  security  risks  associated 
with  medical  devices,  because  the 
regions  in  which  devices  are  man¬ 
ufactured  and  operated  define  the 
regulatory  requirements. 

Vastagh  says  the  “incredible 
diversity  of  devices,  ranging  from 
on-  or  in-the-body  devices  to  MR1 
scanners  to  multi-facility  informa¬ 
tion  systems,”  makes  it  difficult  to 
have  standards. 

Vastagh  says  healthcare  pro¬ 
viders  and  manufacturers  have  to 
work  together  to  balance  infor¬ 
mation  flow  and  cost  issues  with 
IT  security  requirements. 

“Of  course,  we  know  that  there 
are  those  who  remain  frustrated 
with  the  fact  that  medical  devices 
cannot  be  patched  with  the  same 
speed  as  the  desktop  computing 
environment, ’’Vastagh  says.“This  is 
the  reality  of  having  people’s  safe¬ 
ty  and  lives  connected  directly  to 
medical  devices.  If  your  life 
depended  on  OpenOffice  or 
Photoshop  or  Quicken  working 
perfectly  after  every  operating- 
system  patch  and  upgrade,  you 
might  reasonably  be  more  cau¬ 
tious  before  setting  AutoUpdate  to 
‘on’  —  even  more  cautious  if  your 
children’s  and  neighbors’  lives 
were  in  the  mix.”B 


Resource  guide 

Here  are  more  sources  of  information  about  protecting  networked  medical  devices. 

Resources 

U.S.  Food  and  Drug  Administration 

“Guidance  for  Industry:  Cybersecurity  for  Networked  Medical  Devices  Containing  Off-the-Shelf  Software" 
(www.networkwortd.com,  DocFinder:  9958) 

Healthcare  Information  and  Management  Systems  Society 

Medical  Device  Security  (DocFinder:  9959) 

U.S.  Department  of  Veterans  Affairs 

Medical  Device  Isolation  Architecture  Guide  (DocFinder:  9960) 

National  Electrical  Manufacturers  Association  Web  site 

"Break  Glass  —  An  Approach  to  Granting  Emergency  Access  to  Healthcare  Systems”  (DocFinder  9961) 
“Patching  Off-the-Shelf  Software  Used  in  Medical  Information  Systems"  (DocFinder  9962) 


mttaftpfega g?v 


WebSphere 


SS 


a 


IBM 


(E  PRESENTS 


Wmim 


DEA 


. 


FEATURING:  THE  NEW  AND  ENHANCED  WEBSPHERE  ESB  PRODUCTS 
ROBUST  *  EASY  TO  USE  *  AFFORDABLE 


OPEN  STANDARDS  FOR  VIRTUALLY  LIMITLESS  SECURE  AND  SCALABLE  INTEGRATION 

PLUS:  . . ■"■■■■  ■■■' . 


“ 


NEAR  UNIVERSAL  CONNECTIVITY  I  SEAMLESS  REAL-TIME  COMMUNICATION  [  UNMATCHED  WORLD-CLASS  IBM  EXPERTISE 

I  BETWEEN  BUSINESS-CRITICAL  APPS  I  OVER  10  YRS  INTEGRATION  INNOVATION 


POWER  YOUR  S.O.A.  WITH  TRUE  ESB.  POWER  YOUR  BUSINESS  WITH  WEBSPHERS 

'' 

IBM  MIDDLEWARE.  POWERFUL.  PROVEN.  FIGHT  BACK  AT  WWW.IBM.COM/MIDDLEWARE/APP! 

IBM,  the  IBM  logo  and  WebSphere  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2005  IBM  Corporation  All  rights  rasKver;. 


16  •  www.networkworld.com  •  11.28.05 


Software 

watches 

service 

providers 

BY  DENISE  DUBIE 

ComBrio,  which  for  the  past 
year  has  delivered  appliances  to 
help  service  providers  manage 
customer  networks,  is  turning  the 
tables  somewhat  and  giving  net¬ 
work  managers  a  tool  for  manag¬ 
ing  service  providers. 

The  company  this  week  is 
introducing  Virtual  Service  Infra¬ 
structure  (VSI)  Software  Suite 
2.0,  a  Linux  server-based  pro¬ 
gram  designed  for  installation  in 
corporate  data  centers  or  re¬ 
mote  offices. 

The  software  lets  companies  set 
policies  on  how  service  providers 
connect  to  their  networks.  Using 
VSI’s  Service  Control  feature,  cus¬ 
tomers  could  require  their  service 
providers  to  connect  to  their  net¬ 
works  via  ComBrio’s  product. 
Customers  need  to  leave  specific 
ports  available. 

Jeff  Kaplan,  managing  director 
at  consulting  firm  Thinkstrategies, 
says  the  VSIenterprise  add-on  to 
VSI  Service  Control  could  give 
network  managers  a  simplified 
approach  to  managing  out¬ 
sourcers  and  a  comprehensive 
audit  trail  of  network  access  for 
regulatory  compliance  purposes. 

Charles  O'Donnell  says  VSI 
Service  Control  could  help  him 
deliver  service  over  a  consistent 
and  secure  connection  to  cus¬ 
tomers  and  VSIenterprise  could 
give  customers  a  better  way  to 
manage  their  outsourced  jobs. 
'Hie  vice  president  of  managed 
services  for  Liebert  Global  Ser¬ 
vices,  a  maintenance  and  on-site 
repair  company  for  computer  sys¬ 
tems  in  Columbus, Ohio.says  he  is 
field  testing  both  products  and 
expects  to  put  them  into  produc¬ 
tion  in  2006. 

“The  ComBrio  gateway  allows 
us  to  have  a  single  point  of  com¬ 
munication  that  is  restricted  to 
our  specific  devices,  and  that 
gives  customers  control  over  ac¬ 
cess,  without  requiring  a  change 
in  their  firewall  policies,"  O’Don¬ 
nell  says. 

VSI  Service  Control  starts  at 
about  $30,000.  The  first  license 
of  VSIenterprise  is  free  and 
then  costs  $3,000  per  service 
provider  ■ 


Cisco  finally  bets  big  on  video 


Lights,  camera . . .  action! 

Cisco's  video  endeavors  leading  up  to  the  Scientific-Atlanta  buy: 

Year  I  Event  1  Impact 

1998 

Acquired  Precept  Software  for  $84  million. 

Precept  CEO  Judy  Estrin  became  Cisco  CTO  —  Precept’s 
IP/TV  application  is  still  offered  but  has  had  a  negligible 
effect  on  the  market. 

2001 

Unveils  IP/VC  3500  videoconferencing  product  line. 

Products  still  offered  —  market  effect  not  available. 

2004 

Unveils  uMG9800  line  for  cable  companies. 

Products  still  offered  —  market  effect  not  available. 

Adds  video  phone  features  to  CallManager  VoIP  software. 

Partners  with  Interactive  Video  Technologies  for  business 
video  solution. 

Video  could  ride  CallManager’s  enterprise  leadership  position. 
Still  offered  —  market  effect  not  available. 

BY  JIM  DUFFY 

Cisco’s  video  ambitions  until 
now  have  been  anticlimactic  in 
scope  and  market  penetration. 

But  the  company’s  $6.9  billion 
acquisition  of  Scientific-Atlanta 
changes  all  that.  Not  only  is  it 
Cisco’s  biggest  video  bet,  but  it 
gives  the  vendor  instant  leader¬ 
ship  in  a  market  on  which  it  has 
had  little  previous  impact. 

Cisco  has  made  a  few  small 
acquisitions  over  the  past  10 
years,  including  the  purchase  of 
Precept  Software  in  1998,  which 
brought  serial  entrepreneur  Judy 
Estrin  to  Cisco,  but  those  moves 
have  had  little  effect  in  the  market 
or  in  Cisco’s  top  and  bottom  lines 
(see  graphic). 

The  Yankee  Group  says  the 
worldwide  market  for  corporate 
video  is  just  less  than  $1  billion 
this  year,  up  about  33%  from  the 
$750  million  in  2003. 

“If  I  were  thinking  of  the  top-five 
video  vendors,  1  wouldn’t  put 
Cisco  in  there,”  says  Zeus  Kerra- 
vala  of  The  Yankee  Group.  “They 
do  sell  some  video  infrastructure. 
It’s  pretty  good  stuff,  but  Cisco’s 
been  much  more  on  the  voice 
bandwagon  for  the  past  couple  of 
years  than  video.” 

“They  do  OK,  I  wouldn’t  call  it  a 
large  business  for  them  by  any 
stretch  of  the  imagination,”  says 


IDC  analyst  Abner  Germanow. 
“But  video  is  an  application  that 
has  a  lot  of  potential.” 

Cisco’s  past  enterprise-video  ini¬ 
tiatives  were  more  for  positioning 
itself  for  a  potential  market,  as 
opposed  to  trying  to  attain  a  lead¬ 
ership  position  in  a  burgeoning 
market,  says  Gerry  Kaufhold,  a 
principal  analyst  at  In-Stat. 

“The  timing  was  somewhat  pre¬ 
mature,”  he  says.  “Corporate  video 
is  just  now  becoming  a  popular 
item.  Cisco  knew  all  along,  and 
correctly  that  video  would  be  part 
of  the  endgame,  so  they  were  posi¬ 
tioning  themselves  to  be  in  there.” 

The  key  to  corporate  video  is 
video  capture  and  edit,  Kaufhold 
says.  Cisco’s  early  forays  into  video 
were  aimed  more  at  video  distrib¬ 


ution  over  Ethernet,  he  says. 

But  it  wasn’t  until  iPTV  began  to 
storm  the  consumer  market  two 
years  ago  that  Cisco  found  itself 
pulled  into  a  larger  video  role  by 
default.  Cable  companies  and  tel¬ 
cos  are  relying  on  Ethernet  to  pro¬ 
vision  switched  video  into  house¬ 
holds  and  service  specific  edge 
routers  to  manage  subscriber  pro¬ 
files  and  service  characteristics. 
As  the  world’s  leading  Ethernet 
switch  and  IP  router  vendor,  the 
video  game  came  to  Cisco. 

Cisco  concurs  that  momentum 
in  video  started  when  industry 
activity  in  IPTV  began  to  ramp  up. 
But  the  company  puts  that  time- 
frame  more  at  three  to  five  years 
vs.  two. 

“Certainly,  activities  in  the  video 


market ...  is  at  least  the  last  three 
years  or  so,  while  the  industry  has 
been  aware  of  and  talking  about 
IPTV  says  Fteter  Clarke,  director  of 
Cisco’s  Service  Exchange  frame¬ 
work.  “We’ve  certainly  been 
involved  in  video  for  a  significant¬ 
ly  longer  [time] ,  but  IPTV  specifi¬ 
cally,  probably  about  five  years.” 

Cisco  says  more  than  10  million 
video-on-demand  subscribers  are 
receiving  services  from  Cisco  net¬ 
works. 

“They’ve  made  a  big  dent  in  the 
cable  market,  building  the  core 
networks  for  cable  companies,” 
Germanow  says.“As  cable  compa¬ 
nies  have  built  out  large  data  net¬ 
works,  it’s  essentially  been  a  green¬ 
field  opportunity  for  the  data-net- 
working  industry 

With  telcos  spending  billions  of 
dollars  to  run  fiber  closer  to 
homes  for  IP  switched  video  and 
interactive  video  on  demand,  and 
with  cable  companies  upgrading 
their  infrastructures  to  stay  a  step 
ahead  of  the  telcos,  Cisco’s  push 
to  control  the  set-top  box  in  your 
living  room  was  a  natural  progres¬ 
sion.  The  set-top  box  is  expected 
evolve  to  become  the  broadband 
router  controlling  digital  enter¬ 
tainment  in  the  networked  home. 

Video  is  now  one  of  Cisco’s  $1 
billion-a-year  advanced-technolo¬ 
gy  initiatives  and  a  critical  driver 
of  Cisco’s  future  growth.  As  CEO 
John  Chambers  said  last  week  in 
announcing  the  Scientific-Atlanta 
deal:  “Video  is  an  integral  part  of 
our  strategy  that  must  be  a  core 
competency 

On  the  corporate  side,  video  is 
coming  into  its  own,  analysts  say.  It 
chews  up  a  lot  of  bandwidth, 
which  means  companies  will  be 
looking  at  substantial  network 
upgrades  if  they  require  video 
applications  for  their  workers.  ■ 


Intradyn  rolls  out  e-mail 
archiving  appliance 


BY  DENI  CONNOR 

Intradyn  last  week  introduced  an  e-mail  archiving 
appliance  that  captures  messages  and  stores  them 
on  hard  disk,  optical  media  or  tape  for  compliance 
purposes. 

ComplianceVault06  Enterprise  sits  on  a  Gigabit 
Ethernet  network  and  captures  all  of  a  company’s 
e-mail  and  stores  it  on  the  appliance’s  disk  or  on  a 
Sony  AIT  drive. 

"The  new  Intradyn  offering  is  interesting  because 
it’s  an  appliance  and  so  relatively  easy  to  imple¬ 
ment  compared  to  in-house  software/server  solu¬ 
tions  that  require  more  deployment  effort,”  says 
Michael  Osterman,  principal  and  senior  analyst  for 
Osterman  Research. “It’s  also  aimed  at  the  midsize 
and  large-enterprise  market,  not  just  the  small-busi¬ 
ness  market,  as  many  appliances  often  are. 
Archiving  will  become  the  norm  at  some  point, 
and  appliances  might  help  organizations  come  to 
that  realization  a  bit  sooner.” 


The  appliance  features  a  search  function  that  lets 
customers  query  the  system  using  a  variety  of  tech¬ 
niques  for  e-mails  to  meet  the  search  criteria.  The 
search  results  then  can  be  exported  to  a  file,  CD,  e- 
mail  or  hard  copy  for  use  by  compliance  officers  or 
auditors. 

Every  access  to  the  appliance  is  tracked  by  date, 
time  and  user.  Data  also  can  be  encrypted  using 
Advanced  Encryption  Standard  256-bit  encryption 
and  protected  with  RAID  5  disk  redundancy 

Only  one  other  vendor,  StorServer,  manufactures  an 
e-mail  archiving  appliance.Vendors  such  as  EMC  and 
Veritas  offer  software  only,  which  customers  must 
integrate  with  storage  hardware. 

The  rack-mountable  ComplianceVault06  is  avail¬ 
able  in  disk  capacities  ranging  from  2T  to  8T  bytes.  It 
works  with  Microsoft  Exchange,  Lotus  Notes  and  vir¬ 
tually  any  IMAP  or  POP3  e-mail  system.  Available  in 
2U  and  3U  (3  1/2-inch-  and  5  1/4-inch-high)  versions, 
the  appliances  start  at  $20,000.  ■ 


IBM  LOTUS®  NOTES®  &  DOMINO®  PRESENT 


VAI  I  yc  YESTERDAY’S  MESSAGING 
I  \J\J  ™  TOMORROW’S  DEMANDS 


BUSINESS-CRITICAL  COLLABORATION  TAKES  ON  WEAK-KNEED  PRODUCTIVITY! 


FEATURING  SPECIAL  GUEST: 

THE  NEW  LOTUS  NOTES  &  DOMINO  7  *  BEYOND  E-MAIL,  BEYOND  CALENDARING,  BEYOND  "IT’LL  DO” 


WITH:  SUPER  HEAVYWEIGHT  SECURITY 
FEATURES  /  EFFORTLESS  MANAGEABILITY  / 
CONTINUING  INNOVATION 
FOR  BUSINESS-CRITICAL  COLLABORATION 


KNOCK-OUT  APPLICATION 
DEVELOPMENT  TOOLS 


LOTUS  NOTES  &  DOMINO  7  -  A  MEMBER  OF  THE  IBM®  WORKPLACE"1  FAMILY 

★  IBM  MIDDLEWARE.  POWERFUL.  PROVEN.  ★ 

FIGHT  BACK  AT  WWW.IBM.COM/MIDDLEWARE/PRODUCTIVE  ALL  CHALLENGERS  WELCOME 
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THRUST  SSC  (SUPER  SONIC  CAR)  SETTING  THE  LAND  SPEED  RECORD  ON  OCTOBER  15,  1997  IN  THE  BLACK  ROCK  DESERT,  NEVADA. 


Introducing  the  industry’s  highest  performance  Ethernet 
switch  family  ready  to  deliver  wire-speed  non-blocking 
performance  to  1.14  billion  packets  per  second  (or  up  to 
3.42  bpps  per  7-foot  telco  rack).  Foundry’s  Biglron  RX  Series 
offers  the  highest  density  Gigabit  and  10  Gigabit  Ethernet 
switching  and  routing  solution  in  the  industry  and  is  built  on  a 
distributed  and  redundant  switch  architecture  that  ships  ready  to 
support  100  Gigabit  Ethernet.  Featuring  support  for  scalable 
Ethernet  switching,  IPv4/IPv6  routing,  consistent  low  latency 
for  all  packet  sizes  and  advanced  quality  of  service  design.  The 
Biglron  RX  Series  meets  and  exceeds  the  needs  of  a  wide  range 
of  environments  including  Enterprise  LAN,  HPC,  MANS,  and 
next  generation  data  centers. 

find  out  more  about  the  BigIron  RX  Series  and  how 

YOU  CAN  TAKE  ADVANTAGE  OF  A  LIMITED  TIME  OFFER  TO 
REDEFINE  PERFORMANCE  AND  RELIABILITY  IN  YOUR 
NETWORK.  LOG  ON  TO  WWW.FOUNDRYNET.COM/BlGlRONRX. 


BigIron  rx-  l  6 


BIGIRON  RX-8 


BigIron  rx-4 
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FOUNDRY 

NETWORKS 

The  Power  of  Performance™ 


For  more  information  please  call:  us/canada  i  ssa  turbolan, 

INTERNATIONAL  +1  408.586.  1  700  OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRYNET.COM 


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and  Web  traffic  management  solutions  including  Layer  2/3  LAN  switches, 
Laver  3  Backbone  switches.  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers.  Foundry’s  8,500  customers  include  the  world’s  premier  ISPs,  metro  service 
providers,  and  enterprises  including  e-commerce  sites,  universities,  entertainment,  health  and  wellness,  government,  financial,  and  manufacturing  companies. 

C  2005  Foundry  Networks*,  the  Foundry  logo.  The  Power  of  Performance"*,  Foundry"*,  and  Biglron*  RX  Series  are  trademarks  of  2005  Foundry  Networks,  Inc. 
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NET  INFRASTRUCTURE 


■  SECURITY  ■  SWITCHING  ■  ROUTING  KVPNS  ■  BANDWIDTH  MANAGEMENT  II  VOIP  IS  WIRELESS  LANS 


Short  Takes 


■  The  Liberty  Alliance  Project  a 

consortium  of  companies  and  organi¬ 
zations  that  works  on  standards  for 
federated  identity,  last  week  an¬ 
nounced  that  products  from  several 
major  companies  have  passed  recent 
interoperability  tests  using  the  speci¬ 
fication  it  backs.  The  Liberty  Alliance 
promotes  Security  Assertion  Markup 
Language  2.0,  a  Web  services  and 
federated  identity  specification. 
Earlier  this  month,  several  vendors  — 
including  IBM,  NEC  and  NTT  Com¬ 
munications  —  submitted  products 
and  services  for  anonymous  testing 
and  conformance  with  SAML  2.0,  the 
organization  said.  Federated  identity 
means  allowing  access  to  informa¬ 
tion  among  organizations  using 
secured  networks.  One  such  feature 
is  single  sign-on,  in  which  the  entry 
of  a  single  user  name  and  password 
can  be  used  to  access  several  linked 
Web  sites. 

■  GFI,  a  security  and  messaging  ven¬ 
dor,  last  week  released  LANguard 
Network  Security  Scanner  7.0, 

which  includes  anti-virus  and  anti-spy¬ 
ware  scanning  to  ensure  that  the 
most  recent  definition  files  are  in¬ 
stalled  on  user  machines.  NSS  7.0 
also  features  multilingual  patch  man¬ 
agement,  support  for  Linux,  a  vulnera¬ 
bility  feature  that  includes  recom¬ 
mended  action  and  tracking  of  unau¬ 
thorized  services.  The  software  also 
scans  wireless  access  points  and 
USB  ports  to  detect  those  services. 
The  patch-management  features 
support  automatic  download  and 
deployment  in  various  languages 
across  Microsoft  software.  NSS 
prices  start  at  $495. 

■  RSA  Security  has  announced  RSA 
Card  Manager,  Windows  server- 
based  software  that  acts  as  a  repos¬ 
itory  and  administrative  distribution 
point  for  issuing  smart  cards  and 
USB  tokens.  Card  Manager,  which 
costs  $30,000  for  1,000  users,  pro¬ 
vides  for  the  administration  of  multi¬ 
ple  authentication  technologies.  RSA 
Card  Manager  is  expected  to  ship 
next  month. 


VoIP  scheme  gets  big  backers 


BY  PHIL  HOCHMUTH 

Cisco,  which  sells  the  most  IP  telephony 
gear,  and  Microsoft,  which  seeks  a  greater 
corporate  VoIP  role,  recently  agreed  to  work 
together  to  add  capabilities  in  software  that 
lets  IP  voice  traffic  more  easily  run  across 
firewall-protected  networks. 

The  two  companies  will  support  and  im¬ 
plement  Interactive  Connectivity  Establish¬ 
ment  (ICE)  technology, which  is  a  proposed 
IETF  standard  for  allowing  VoIP  calls  to  tra¬ 
verse  firewalls  without  compromising  secu¬ 
rity  At  issue  is  network  address  translation 
(NAT), which  is  one  of  the  most  basic  meth¬ 
ods  for  protecting  client  and  other  network- 
based  devices  behind  a  firewall.  NAT  dis¬ 
tributes  internal  IP  addresses  to  nodes  and 
then  translates  the  addresses  to  publicly 
routable  IP  addresses  when  traffic  traverses 
the  Internet.  This  can  prevent  a  VoIP  call 
from  being  set  up  because  NAT  makes 
each  IP  endpoint  in  a  VoIP  connection 
handshake  seem  unreachable  to  the  other. 

Many  companies  have  worked  around 
NAT/VoIP  compatibility  issues  by  tunneling 
IP  voice  traffic  through  VPN  connections. 
This  is  common  for  remote  users  with  soft- 
phone  clients  and  laptops,  who  connect  to 
a  corporate  IP  PBX  through  a  home  firewall 
or  a  hotel  broadband  connection  with  a 
VPN  link.Site-tosite  VoIP  setups  also  use  tun¬ 
neling,  virtual  LAN  (VLAN)  segments  over 
VPNs  or  point-to-point  links  to  connect  VoIP 
calls  to  offices  protected  via  NAT  firewalls. 

But  some  observers  and  standards 
crafters  say  such  methods  are  stopgaps,  and 


HOW  IT  WORKS:  ICE 

Interactive  Connectivity  Establishment  technology  is  designed  to  let 
VoIP  traffic  traverse  network  address  translation  (NAT)  firewalls.  ICE 
defines  a  standard  way  for  clients  to  determine  a  set  of  addresses  with 
which  they  can  communicate. 


Q  Initiator  collects  all  sets  of  IP  addresses  on  which  it  can  receive  traffic  from  Simple  Traversal  of  UDP 
through  NAT  (STUN)  and  Traversal  Using  Relay  NAT  (TURN)  servers. 

B  Initiator  sends  list  of  addresses  to  STUN  server,  then  sends  initiate  message  to  responder  with  a  preference- 
order  list  of  addresses  for  communication  between  nodes. 

0  Responder  sends  a  STUN  request  to  each  address  provided  in  the  initiate  message. 

□  Initiator  sends  STUN  reply  messages  back  to  responder  for  each  request  received, 

0  Responder  receives  STUN  replies.  The  messages  indicate  the  addresses  by  which  the  initiator  and  responder 
can  communicate. 

0  The  address  with  the  highest  preference  is  used  for  further  communication  between  the  devices. 


that  VoIP  connectivity  should  work  as  seam¬ 
lessly  across  the  Internet  as  browsing  a  Web 
site,  sending  e-mail  or  as  in  instant-messag¬ 
ing  sessions. 


This  is  where  ICE  comes  in. The  technol¬ 
ogy  works  by  discovering  the  internal  IP 
address  schemes  of  networks  that  the  two 

See  ICE,  page  20 


SonicWall  buys  boost  security,  storage 


BY  TIM  GREENE 

SonicWall  is  buying  two  companies  to 
accelerate  its  security  and  storage  options 
for  customers. 

The  company  is  paying  a  total  of  $20  mil¬ 
lion  for  enKoo,  which  makes  SSL  VPN 
equipment  for  small  and  midsize  busi¬ 
nesses  (SMB),  and  Lasso  Logic,  which 
makes  appliances  that  back  up  data  locally 
and  provides  a  service  to  back  up  data  at  its 
secure  storage  facility 

After  the  deals  go  through,  Sonic  Wall  will 
stop  selling  enKoo  gear  and  start  integrat¬ 
ing  enKoo  features  into  the  SonicWall  SSL- 
VPN  200  and  SSL-VPN  2000,  says  Matthew 
Medeiros,  the  company’s  president  and 


CEO.The  integration  should  be  done  by  the 
end  of  the  first  quarter  of  next  year,  and  the 
company  will  continue  to  support  enKoo 
gear.The  company  says  it  also  will  offer  cus¬ 
tomers  deals  to  switch  over  to  SonicWall 
equipment. 

Network  hardware  companies  continue 
to  snap  up  technology  they  can  use  to 
make  security  a  standard  feature  in  the 
switches  and  routers  that  comprise  the 
basic  network  plumbing  inside  businesses. 
Juniper  Networks  recently  grabbed  up 
security  vendor  Funk  Software  for  $122  mil¬ 
lion.  Citrix  Systems  then  bought  its  way  into 
the  application  firewall  market  by  acquir¬ 
ing  start-up  Teros,  and  Force  10  Networks 


acquired  stealthy  intrusion-prevention, 
intrusion-detection  system  (IPS/IDS)  ven¬ 
dor  MetaNetworks.  In  the  past  year  Cisco 
acquired  six  security  vendors,  3Com 
acquired  IDS/IPS  stalwart  TippingPoint 
Technologies,  Juniper  bought  application 
security  firm  Fteribit  and  Citrix  bought  SSL 
VPN  vendor  Net6.  (See  more  details  to 
these  acquisitions  at  www.networkworld. 
com,  DocFinder  9957.) 

SonicWall  is  eating  up  one  of  its  competi¬ 
tors’  SMB  customers,  but  faces  competition 
from  AEP  and  Watchguard  Technologies. 
SonicWall  started  selling  SSL  VPN  equip¬ 
ment  two  months  ago  with  the  introduction 
See  SonicWall,  page  20 
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Security  still  top  IT  spending  priority 


BY  TOM  KRAZIT,  IDG  NEWS  SERVICE 

A  recent  survey  of  100  IT  executives  pre¬ 
dicts  that  IT  spending  will  decrease  slight¬ 
ly  in  2006  as  more  businesses  worry  about 
global  economic  conditions,  but  security 
software  and  enterprise  IT  upgrades  re¬ 
main  top  concerns, according  to  Goldman 
Sachs. 

Macroeconomic  factors,  such  as  high  oil 
prices  and  a  devastating  hurricane  season 
in  the  United  States, have  caused  40%  of  the 
executives  to  consider  reducing  their  2006 
IT  budgets,  according  to  survey  results  re¬ 
leased  last  week.  Fifty-two  percent  believe 
their  IT  spending  will  be  unchanged  in 
2006  from  2005. 

Security  software  has  been  a  long-run¬ 
ning  priority  among  the  executives  on 
Goldmans  survey  panel,  and  that  mind-set 
hasn’t  changed, according  to  the  current  re¬ 
sults.  Spending  on  anti-virus  products  has 


eased  after  a  flurry  of  activity  but  CIOs  con¬ 
tinue  to  focus  on  improving  security  in 
identity  management  and  regulatory  com¬ 
pliance,  the  survey  says. 

Other  corporate  software  priorities  in¬ 
clude  ERP  and  CRM  ,with  CIOs  upgrading 
these  categories  to  top  priorities.  When 
Goldman  polled  its  panel  in  April,  both 
were  considered  medium  priorities. 

Among  enterprise-software  vendors, 
VMware  and  SAP  AG  were  the  two  most- 
cited  companies  that  are  receiving  an  in¬ 
creasing  percentage  of  the  respondents’  IT 
budgets. Virtualization  technologies  are  hot 
this  year,  as  Intel  and  Advanced  Micro  De¬ 
vices  prepare  chips  that  improve  the  per¬ 
formance  of  virtualization  software.  On  the 
downside,  respondents  listed  Novell  and 
Computer  Associates  as  receiving  less  of 
their  IT  budgets. 

When  it  comes  to  choosing  hardware  for 


their  new  software,  IT  executives  listed 
servers  using  Microsoft’s  Windows  OS  as  a 
top  priority  an  upgrade  from  the  April  sur¬ 
vey  Unix  servers  also  received  an  upgrade, 
but  are  considered  a  medium  priority 
among  Goldman’s  respondents. 

Dell  and  IBM  are  receiving  larger  shares 
of  IT  budgets.  Goldman  suggested  that 
given  Dell’s  financial  results  from  the  past 
two  quarters,  aggressive  discounts  may 
have  played  a  role  in  Dell’s  performance 
among  respondents.  HP  is  losing  its  share  of 
respondents’  IT  budgets,  but  Goldman 
expects  the  company’s  performance  to  im¬ 
prove  over  the  next  year. 

Dell  also  is  gaining  share  in  the  PC  por¬ 
tion  of  respondents’  IT  budgets,  while  HP 
is  losing  share.  Goldman  attributed  HP’s 
performance  to  increased  discipline 
about  the  markets  in  which  it  participates. 
Lenovo  Group  did  not  gain  or  lose  share 


among  the  survey  respondents,  an  im¬ 
provement  from  the  previous  survey  con¬ 
ducted  after  Lenovo  completed  its  acqui¬ 
sition  of  IBM’s  PC  business. 

On  outsourcing,  24%  say  they  expect 
their  interest  in  paying  someone  else  to 
manage  the  data  center  or  desktops  to  in¬ 
crease.  With  economic  conditions  on  the 
minds  of  IT  executives,  reducing  their 
costs  by  outsourcing  these  functions  is 
expected  to  become  more  popular, 
according  to  Goldman. 

Fifty-three  percent  of  Goldman’s  survey 
respondents  hold  the  title  of  CIO,  while 
22%  are  vice  presidents  of  IT  or  IS  and 
15%  are  directors  of  MIS  or  IT.  Eighty-two 
percent  of  the  respondents  work  for  com¬ 
panies  that  have  yearly  revenue  of  $500 
million  or  greater,  and  52%  of  the  compa¬ 
nies  have  more  than  10,000  employees 
worldwide.  ■ 


ICE 

continued  from  page  19 

VoIP  endpoints  are  attached  to, 
behind  NAT  firewalls.  To  do  this, 
ICE  uses  existing  protocols  and  IP 
address  discovery  mechanisms, 
such  as  Simple  Traversal  of  UDP 
through  NAT  (STUN),  Traversal 
Using  Relay  NAT  (TURN)  and 
Realm  Specific  IP  This  requires 
servers  that  can  accept  STUN  and 
TURN  requests  and  broker  these 
connections  for  VoIP  devices, 
which  are  called  initiators  in  the 
ICE  model. 

STUN  and  TURN  “by  nature  of 
their  design,  are  difficult  to  oper¬ 
ate  through  NAT,”  according  to 
Jonathan  Rosenberg,  a  Cisco  engi¬ 
neer  and  author  of  the  IETF  In¬ 
ternet  draft  for  ICE. 

“ICE  makes  use  of  STUN  and 
TURN,  but  uses  them  in  a  specific 
methodology;  which  avoids  many 
of  the  pitfalls  of  using  any  one 
alone,”  Rosenberg  writes  in  the 
ICE  IETF  draft  proposal. 

The  potential  for  any-to-any  VoIP 
connectivity  without  impediment 
from  NAT  firewalls  has  strong 
promise  for  consumer  VoIP  tech¬ 
nology,  according  to  Don  Proctor, 


Standard  explanation 

Cisco  engineer  Cullen  Jennings  provides 
an  audio  explanation  of  how  ICE  works. 

BocFinfer  9943 


senior  vice  president  of  the  Voice 
Technology  Group  at  Cisco. 
“Microsoft’s  and  Cisco’s  endorse 
ment  of  ICE  standards  bodes  well 
for  our  mutual  customers,”  he  said 
in  a  statement.  This  is  especially 
true  considering  that  most  home 
networks  with  broadband  have 
Microsoft  operating  systems,  are 
protected  by  broadband  router/- 
NAT  firewalls  and  connect  to  car¬ 
rier  networks  with  Cisco  gear. 

For  some  companies  that  run 
their  business  phone  systems  on 
IP  networks,  the  concepts  behind 
ICE  pose  some  security  issues, 
and  the  problem  ICE  proposes  to 
solve  is  not  one  that  is  very  press¬ 
ing  for  companies  that  use  IP 
PBXs  and  IP  phones. 

“We  run  VoIP  so  that  all  of  our 
traffic  runs  on  our  internal  net¬ 
work,”  says  Irving  Tyler,  CTO  for 
Quaker  Chemical,  an  industrial 
chemical  manufacturer  in  Con- 
shohocken,  Pa.  His  firm  uses 
Avaya  IP  phones,  IP-enabled 
PBXs  and  Cisco  switches  and 
routers  to  connect  users  in  the 
company’s  main  office  and  satel¬ 
lite  sales  offices.  Any  VoIP  calls 
made  on  the  network  run  inside 
Quaker  Chemical’s  firewall 
boundaries  and  over  point-to- 
point  WAN  links. When  calls  leave 
the  network,  they’re  translated  to 
digital  public  switch  telephone 
network  voice  signals. 

The  concept  behind  ICE  — 
allowing  IP  communication  de¬ 
vices  to  link  with  IP  devices  over 
the  Internet,  regardless  of  firewall 
configurations  —  might  be  a  neat 


trick,  but  not  an  application  his 
company  is  interested  in  now, 
Tyler  says. 

Also,  the  methodology  of  ICE,  in 
which  behind-the-NAT  IP  ad¬ 
dresses  are  discovered  and 
shared  among  connecting  par¬ 
ties,  is  something  that  businesses 
might  be  hesitant  to  explore. 

“I  could  see  people  being  leery 
about  doing  that,”  he  says.  If  a  car¬ 
rier  or  VoIP  vendor  could  provide 
security  for  such  exchanges,  “I 
think  companies  would  be  more 
likely  to  look  into  opening  up 
their  internal  IP  addresses.” 

Proponents  of  the  standard  say 
the  benefits  of  ICE  will  become 


more  apparent  when  wide  adop¬ 
tion  of  VoIP  happens,  and  IP  PBX 
installations  become  more 
mature.  As  more  companies  build 
security  within  network  bound¬ 
aries,  ICE  could  play  a  role  in  sim¬ 
plifying  voice-traffic  manage¬ 
ment,  says  Cullen  Jennings,  a 
Cisco  engineer. 

Like  Quaker,  most  VoIP  traffic  in 
businesses  runs  behind  the  edge 
firewall.  But  “many  enterprises  are 
looking  at  deploying,  or  are  al¬ 
ready  using,  lots  of  NATs  inside 
the  network,”  he  says.  This  could 
be  a  large  company  that  shares 
one  large  network,  but  separates 
divisions  or  departments  with  in¬ 


ternal  firewalls  for  security  or  IP 
address  management. 

Branch  offices  sometime  use 
NATs,  so  that  devices  can  receive 
IP  addresses  from  a  local  DHCP 
server,  instead  of  a  centralized 
source.  ICE  would  help  simplify 
VoIP  connectivity  in  this  case,  as 
well,  he  adds. 

As  for  when  ICE  will  show  up  in 
VoIP  products,  Jennings  says  this 
is  a  ways  off. 

“ICE  is  still  a  draft,  not  even  an 
RFC  yet,  so  no  one  can  really  say 
they  support  it,”  he  says.  “But 
[Cisco  has]  products  that  we  are 
working  on  with  a  prestandard 
implementations  of  ICE.”  ■ 


SonicWall 

continued  from  page  19 

of  two  appliances  and  sees  the  need  to  speed  up  its 
development,  Medeiros  says.  Enkoo  can  supply  sup¬ 
port  for  Citrix,  single  sign-on  for  remote  users  and  the 
ability  to  rewrite  HTTPone  key  way  that  SSL  VPN  gear 
links  remote  users  to  corporate  servers.  “It  was  the 
type  of  product  features  we  really  needed  to  have,” 
Medeiros  says. 

SonicWall  is  known  for  its  firewall/VPN  appliances 
for  SMBs,  although  it  has  boosted  the  speed  of  the 
gear  over  the  years  to  include  equipment  for  larger 
customers.  SonicWall  also  makes  security  platforms 
that  scan  for  viruses,  spyware,  spam,  phishing  and 
other  intrusions. 

Its  generally  good  reputation  may  ease  worries  of 
enKoo  customers. 

“I  know  they  have  good  stuff, "says  Pete  Kever, senior 
communications  specialist  for  Griffith  Holdings,  an 
Internet  marketing  firm  in  Medina,  Ohio. 

Becoming  part  of  a  larger  organization  will  likely 
help  enKoo  because  it  will  have  more  resources  to 


develop  the  products.  SonicWall  is  taking  on  just  six 
engineers  from  enKoo  who  have  worked  on  SSL  VPN 
software  for  years  and  have  a  jump  on  the  SonicWall 
development  team,  the  company  says. 

As  for  the  Lasso  purchase,  SonicWall  says  it  plans  to 
continue  selling  Lasso’s  continuous  data-protection 
appliances  as  stand-alone  products,  but  will  integrate 
management  of  the  gear  into  SonicWall’s  manage¬ 
ment  software.The  idea  is  to  give  customers  a  single 
view  of  their  security  and  back-up  status  and  to  set 
policies  for  both  from  the  same  console,  Medeiros 
says.The  gear  is  intended  to  provide  backup  in  case 
other  systems  crash.  It  also  will  create  a  record  of 
changes  that  can  be  used  to  comply  with  such  regu¬ 
lations  as  the  Sarbanes-Oxley  Act  and  the  Health 
Insurance  Portability  and  Accountability  Act. 

Lasso’s  appliances  store  changes  made  to  files 
locally,  and  customers  can  sign  up  for  a  service  that 
lets  them  back  up  the  local  appliance  to  a  Lasso 
secure  storage  facility.  Medeiros  says  the  acquisition 
of  Lasso  was  motivated  in  part  by  the  ongoing  rev¬ 
enue  from  the  service,  which  costs  an  average  of 
$200  to  $400  per  year  per  customer.  ■ 


Citrix  NetScaler 

makes  any  application 


15  times  faster 


for  anyone,  anywhere. 


Every  day,  leading  Global  2000  enterprises,  including 
the  five  largest  e-businesses  in  the  world,  rely  on 
Citrix®  NetScaler®  solutions  to  dramatically  accelerate 
application  performance.  All  without  adding  servers, 
bandwidth,  or  consultants.  Perhaps  that’s  why 
Citrix  NetScaler  application  delivery  systems  are 
rated  #1  in  customer  satisfaction  among  Layer 
4-7  networking  vendors.  See  what  Citrix  NetScaler 
can  do  for  you  at  www.citrix.com/netscaler 
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Short  Takes 


B  TaPflPi  last  week  shipped  a  sili¬ 
con-based  engine  and  a  software 
engine  for  accelerating  the  pro¬ 
cessing  and  exchange  of  XML  data. 
The  engines  focus  on  Extensible 
Stylesheet  Language  Trans¬ 
formation  and  are  optimized  for 
Web  services  and  transactional 
XML  processing.  The  engines, 
called  RAX-XSLT,  are  part  of 
Tarari’s  Random  Access  XML  fami¬ 
ly  of  XML  Content  Processors  for 
use  by  engineers  in  building  net¬ 
work  devices,  switches,  appliances, 
blades  and  servers.  The  RAX-XSLT 
technology  is  available  as  part  of 
theTarari  XML  RAX  Content 
Processor  Development  Kit,  which 
is  priced  at  $4,995. 

B  Crosswalk  has  announced  a 
software  bundle  designed  to  enable 
IT  managers  to  monitor  their  back¬ 
up  environments.  The  Crosswalk 
Storage  Manager  Backup  Bundle 
reports  on  the  mapping  of  host  dri¬ 
ves  to  the  back-up  applications  and 
identifies  hosts  that  are  not  being 
backed  up.  The  bundle  works  with 
back-up  applications  from  Com¬ 
puter  Associates,  IBM,  EMC 
Legato,  Syncsort  and  Symantec/- 
Veritas.  Pricing  starts  at  less  than 
$10,000. 

B  Microsoft  has  upgraded  the  syn¬ 
chronization  component  of  its 
Windows  Mobile  5.0  software. 
ActiveSync  4.1  fixes  several  prob¬ 
lems  that  occurred  with  its  4.0  ver¬ 
sion  when  trying  to  synchronize 
data  between  a  handheld  device 
and  a  PC,  according  to  information 
published  on  the  Microsoft  Devel¬ 
oper  Network  blog.  Connections 
were  dropped  between  a  PC  and  a 
device,  and  sometimes  the  software 
only  partially  synchronized  data 
between  the  two.  The  problem 
stemmed  from  a  conflict  with  desk¬ 
top  firewall  applications  or  applica¬ 
tions  that  manage  network  traffic, 
Microsoft  says.  The  update  is  avail¬ 
able  through  the  Windows  Mobile 
Web  site  at  www.networkworld.com, 
DocFinder:  9944. 


Start-ups  seek  to  shake  up 
multiprocessor  server  market 


BY  JENNIFER  MEARS 

A  new  breed  of  server  company  is  tar¬ 
geting  customers  unsatisfied  with  the  pro¬ 
cessing  power  of  x86  system  clusters  and 
unwilling  to  pay  steep  prices  for  current 
proprietary  symmetric  multiprocessing 
boxes. 

Two  of  these  start-ups,  Fabric7  Systems 
and  Liquid  Computing,  have  rolled  out 
multiprocessor  servers  built  on  AMD 
Opteron  chips  that  promise  high-end  com¬ 
pute  power  at  prices  lower  than  those  HP 
IBM  and  Sun  usually  charge  for  SMP  boxes. 
In  addition,  the  systems  include  network 
components  that  enable  end  users  to  allo¬ 
cate  not  just  CPU  but  also  I/O  and  band¬ 
width  resources  on  the  fly  to  satisfy  chang¬ 
ing  application  demand. 

It’s  an  idea  similar  to  that  used  by  devel¬ 
opers  of  standards-based  blade  servers 
and  rack-based  server  clusters,  which  use 
high-speed  interconnects  to  enable  work¬ 
loads  to  be  shared  across  systems.  But 
Fabric7  and  Liquid  Computing,  whose 
founders  worked  at  such  network  compa¬ 
nies  as  Nortel  and  Procket  Networks,  take 
the  clustering  idea  a  step  further  by 
including  virtualization  and  network  capa¬ 
bilities  within  a  single  SMP  box. 

“The  real  trick  here  is  marrying  the  inter¬ 
connect  strength  with  commodity  or  off- 
the-shelf  processors,  operating  systems  and 
middleware,”  says  Jonathan  Eunice,  presi¬ 
dent  and  principal  analyst  at  Illuminata. 
“We’re  talking  Windows;  we’re  talking 
Linux.  It’s  standard  middleware.  It’s  not  a 
specialized  design  that  needs  huge 
amounts  of  customization  of  the  whole 
software  stack.” 

Armed  with  about  $45  million  in  venture 
funding  between  them,  Fabric7  and  Liquid 
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Computing  are  targeting  different  markets: 
The  former  positions  its  systems  as  the 
answer  for  enterprise  IT  administrators  bat¬ 
tling  with  underutilized,  proprietary 
midrange  servers,  while  the  latter  is  eyeing 
the  high-performance  computing  segment 
looking  for  unbounded  compute  power. 

But  their  approach  —  combining 
Opteron  processors  and  advanced  net¬ 
work  features  —  is  similar,  and  one  that 
analysts  expect  to  see  more  of  as  enter¬ 
prises  more  widely  embrace  the  idea  of 
data  center  virtualization. 

Roger  Carpenter,  vice  president  of  design 
at  Magma  Design  Automation  in  Santa 
Clara,  Calif.,  which  makes  software  for  chip 
design,  has  been  testing  Fabric7’s  Q160 
since  earlier  this  year.  Carpenter  says  he 
likes  Fabric7’s  approach  because  it  will 
enable  him  to  get  the  processing  power  he 
needs  without  spending  a  lot  of  money  on 
high-end  systems.  A  14-way  Q160  starts  at 
$144,000,  whereas  IBM’s  Web  site  lists  a  12- 
way  Fbwer5-based  p570  system  starting  at 
$165,000. 

“Much  of  [electronic  design  automation] 
software  used  very  expensive  multiprocess¬ 
ing  systems  in  the  past,”  he  says.  “The  trend 
lately  has  been  toward  Linux  and  two-way 
Linux  boxes.” 

But  now  multithreaded  EDA  applications 
are  demanding  more  memory  and  bigger 
multiprocessor  systems  at  different  points 
in  the  design  process,  Carpenter  says. 

“We  need  an  eight-socket  server  so  we 
can  access  all  the  memory  at  the  begin¬ 
ning,  and  then  we  can  switch  to  two  sockets 
when  we  break  [the  workload]  into  small¬ 
er  pieces  and  distribute  the  processing,”  he 
says.  “Without  Fabric7  we  would  have  to 
have  an  eight-way  and  then  two-ways.  So 
this  saves  us  money  and  also  provides  high¬ 
er  performance”  because  of  the  high-speed 
interconnect  within  the  system. 

Dan  Carruthers,  owner  and  president  of 
Permedia  Research  Group,  a  company  in 
Ottawa  that  makes  software  for  the  oil  and 
gas  industry, says  he  considered  using  clus¬ 
ters  of  x86-based  systems  but  decided  that 
they  would  not  be  able  to  support  the  kind 
of  processing  his  customers  need. 

Permedia’s  simulation  software,  MPath, 
uses  parallel  algorithm  modeling  and  has 
heavy  throughput  demands.  Carruthers 
says  commodity  clusters  break  down  after 


Serving  up  flexibility 

Start-up  Fabric7  says  combining 
network  and  compute  power  creates 
a  simpler,  more  flexible  data  center 
infrastructure.  A  look  at  its  0160 
server; 


Ethernet 
interfaces 
(network  I/O) 

B 

Fibre  Channel 
interfaces 
(storage  I/O) 


Fabric7  Q160  server 


□  Supports  up  to  14  dual-core  AMD  Opteron 
processors  and  up  to  176G  bytes  of  memory 
that  can  be  sliced  into  as  many  as  seven 
two-socket  systems  with  virtualized  I/O. 

QUp  to  64  virtual  I/O  interfaces  can  be 
configured  on  the  fly  as  either  Ethernet  or 
Fibre  Channel  with  100M  bit/sec  to  10G 
bit/sec. 

□  Accelerator  modules  provide  server  load 
balancing  and  offload  SSL  and  XML  processing 
for  faster  application  performance. 

□  Internal  crossbar  with  128G  bit/sec  full- 
duplex  switching  connects  the  virtualized 
resources. 


about  32  nodes. 

“If  we  can  get  some  sort  of  linear  scaling 
on  these  things  and  break  through  that  32- 
node  barrier,  then  we’re  really  on  to  some¬ 
thing.  We’re  not  just  throwing  faster  hard¬ 
ware  at  the  same  models,"  he  says. 

Earlier  this  month, Permedia  announced 
that  it  would  use  Liquid  Computing’s 
LiquidlQ  server  to  support  its  simulation 
software. 

“The  only  way  you  can  access  that  kind 
of  computing  performance  [that  our  cus¬ 
tomers  need]  is  on  this  kind  of  specialized 
hardware,”  he  says.  B 
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Virtual  tape  system  adds  security 


BY  DENI  CONNOR 

Neartek,  a  maker  of  virtual  tape  library  systems,  says  the 
latest  version  of  its  appliance  works  better  across  remote 
sites  and  provides  improved  data  security 

Like  earlier  models,  Version  3  of  the  Linux-based  Virtual 
Storage  Engine  sits  between  back-up  servers  and  storage 
arrays.  It  receives  data  from  the  back-up  server  and  saves  it 
to  disk  rather  than  to  tape.  The  software  emulates  writing 
data  to  tape  and  catalogs  backups  as  individual  virtual 
tape  cartridges. 

New  in  Version  3  is  support  for  remote  vaulting.  This 
enables  customers  to  divvy  up  data  into  large  chunks  and 
then  replicate  or  stripe  it  asynchronously  over  IP  to  a 
Neartek  appliance  at  a  remote  site. 

The  appliance,  now  encryption-enabled,  will  work  with 
Network  Appliance’s  Decru  DataFort,  NeoScale  Systems’ 
CryptoStor  appliance  or  Kasten  Chase’s  Assurency 
SecureData  appliances. 

“Encryption  of  tapes  that  are  sent  offsite  is  a  big  need 
for  customers," says  Diane  McAdam, senior  analyst  for  the 
Data  Mobility  Group. “There  is  also  a  need  to  encrypt  the 
backups  that  are  resident  on  disk  [such  as  in  the  case 
with  the  Neartek  offering]  to  prevent  [unauthorized] 
internal  personnel  from  being  able  to  access  sensitive 
information.” 

The  upgraded  system  can  be  used  to  compress  data  by 


factors  of  two  or  three  times.  This  feature  is 
available  via  a  PCI-X  adapter  that  fits  into  the 
appliance. 

Another  new  feature  enables  customers  to 
more  consistently  categorize  storage  media. 

“The  back-up  application  needs  to  know 
what  the  volume  serial  number  of  the  tape 
cartridge  [being  emulated]  is  so  that  it  can 
call  for  the  right  tape  when  a  restore  is 
required,”  McAdam  says. 

Neartek,  founded  in  1994,  also  has  a  version 
of  its  virtual  tape  library  technology  for  HP 
NonStop,  HP  e3000  and  Bull  mainframe  envi¬ 
ronments.  The  Virtual  Storage  Engine  com¬ 
petes  with  products  such  as  EMC’s  Clariion 
Disk  Library,  Sepaton’s  S2100  Virtual  Tape 
Library  System  and  Diligent’s  VTF  Open. 
Unlike  those  products,  Neartek’s  appliance  is 
storage-agnostic. 

The  Virtual  Storage  Engine  is  priced  by  the 
size  of  the  disk  to  which  data  is  backed  up.  A 
2T-byte  configuration,  including  the  disk, 
appliance  and  software,  is  $25,000.  The 
remote  replication  option  costs  $10,000  and 
requires  a  second  VSE  at  the  remote  location. 
The  compression  option  costs  $5,000.  ■ 


The  best  of  both  worlds 


Neartek's  Virtual  Storage  Engine  emulates  the  actions  of  a 
tape  library  and  backs  up  data  to  disk. 
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□  Servers  running  traditional  back-up  software  see  the  disk  subsystem  attached 
to  the  SAN  as  a  tape  library. 

□  The  Virtual  Storage  Engine  appliance  intercepts  data  being  backed  up  and 
manages  media  consistency,  encryption  and  compression. 

E3  When  data  is  stored  to  the  disk  subsystem  it  has  the  volume  serial  number  of 
the  virtual  tape. 

Q  Data  can  be  migrated  to  tape  for  long-term  archiving. 


WIRED  WINDOWS 

Dave  Kearns 


The  Network  MVP  of  the  year  is . . . 


Because  of  the  vagaries  of  the 
calendar  —  and  publishing 
schedules  —  1  need  to  do  some 
tidying  up  a  bit  early  this  year. 
Today  I  want  to  look  back  at  my 
predictions  for  2005  and  hand  out 
another  Network  MVP  award. 
First,  the  prognosticating. 


Last  January  I  made  the  follow¬ 
ing  predictions  (www.network- 
world.com,  DocFinder:  9930): 

1)  Novell’s  Open  Enterprise 
Server  will  surpass  sales  expecta¬ 
tions. 

2)  Microsoft  will  hammer  heavi¬ 
ly  on  licensing  issues  (looking 
very  much  like  subscriptions)  to 
try  to  even  out  the  revenue 
stream. 

3)  As  the  economy  picks  up,  so 
will  merger-and-acquisition  activ¬ 
ity,  especially  in  the  identity- 
management  market. 


4)  Linux  on  the  desktop  finally 
will  become  a  reasonable  alterna¬ 
tive  to  Windows  for  mainline  busi¬ 
ness  organizations. 

On  a  scale  of  1  to  5,  I’d  give 
myself  a  4  for  No.  1,  a  3  for  No.  2,  a 
5  for  No.  3  and  a  4  for  No.4.That’s 
a  grand  total  of  16  out  of  20.  Not 
too  shabby  I’d  say! 

The  Network  MVP  award,  like 
the  MVP  award  in  sports,  is  given 
to  the  person  or  persons  who,  in 
my  estimation,  have  done  the 
most  to  further  their  organiza¬ 
tion’s  network  agenda  during  the 


previous  year.  Sometimes  it’s  a 
large  organization,  sometimes  a 
small  one.  This  year  it’s  an  enor¬ 
mous  one  —  the  behemoth  of 
Redmond  itself,  Microsoft. 

The  award  goes  to  a  man  who,  as 
the  Hollywood  story  goes,  toiled 
hard  for  many  years  to  become 
an  “overnight”  success.  He’s  toiled 
for  Bill  Gates  ever  since  he  (and 
his  company)  were  acquired  in 
1999.  But  this  year  he  broke  forth 
when  he  came  down  from  the 
mountain  with  a  set  of  laws. 

Kim  Cameron  and  his  Seven 
Laws  of  Identity  (DocFinder: 
9931)  have  done  more  to  stimu¬ 
late  talk  about  Identity  Services 
than  even  the  federal  government 
and  its  Sarbanes-Oxley  Act, 
Gramm-Leach-Bliley  Act,  the 
Health  Insurance  Portability  and 
Accountability  Act  and  other  reg¬ 
ulatory  fiats.That  alone  would  get 
Cameron  consideration  for  MVP 
but  there’s  more. 

The  Seven  Laws  and  Cameron  s 
work  on  Microsoft’s  InfoCard 
technology  have  gone  a  long  way 
toward  repairing  the  damage  that 
Redmond’s  “Hailstorm”  fiasco 
(DocFinder:  9932)  created.  It  also 
got  people  interested  in  talking 
to  Microsoft. 


A  year  earlier,  the  company 
would  have  run  away  kicking  and 
screaming.  Some  (such  as  Doc 
Searls,  editor  of  Linux  Journal) 
defended  Microsoft  and  Cameron 
from  attacks  by  the  fringe  mem¬ 
bers  of  the  Linux  and  open- 
source  community  The  MVP  is 
well  deserved.  Sainthood  is  under 
consideration. 

Kearns,  a  former  network 
administrator,  is  a  freelance  writer 
and  consultant  in  Silicon  Valley. 
He  can  be  reached  at 
wired@vquill.  com. 


Tip  of  the  Week 


■  Previous  winners  of  the  Wired 
Windows'  Network  MVP  award  are 
Novell's  Jack  Messman 
(DocFinder:  9933),  HP's  Carly 
Fiorina  (DocFinder:  9934), 

Radiant  Logic's  Michel  Prompt 
(DocFinder:  9935),  Bowstreet's 
Frank  Moss  and  Jack  Serfass 
(DocFinder:  9936),  Directory 
Enabled  Networks'  co-chairs  John 
Strassner  and  Steven  Judd 
(DocFinder:  9937)  and  Novel's 
Eric  Schmidt  (DocFinder:  9938). 


Novell  taps  IBM,  Lucent  veteran  as  GT0 


BY  IDG  NEWS  SERVICE 

Novell  has  appointed  as  its  new  CTO  an  execu¬ 
tive  who  spent  the  past  five  years  at  Lucent  and 
its  Bell  Laboratories  arm  and  20  years  before  that 
at  IBM. 

Jeffrey  Jaffe,  most  recently  president  at  Lucent’s 
Bell  Laboratories,  will  head  up  Novell’s  technology 
direction  and  lead  the  company’s  product  busi¬ 
ness  units,  according  to  a  Novell  statement. 

Reporting  to  the  new  CTO  will  be  David  Patrick, 
Novell's  vice  president  for  Linux,  open  source 
products  and  sendees,  and  Kent  Erickson,  the 
company's  vice  president  for  identity  products. 

Markus  Rex,  Novell’s  CTO  for  Linux, open  source 


platforms  and  services,  will  continue  in  his  cur¬ 
rent  role  working  for  Patrick,  while  Carlos 
Montero-Luque  will  stay  as  CTO  for  identity, 
reporting  to  Erickson,  according  to  a  Novell 
spokesman. 

At  the  end  of  last  month,  Novell  named  Ron 
Hovsepian,  previously  executive  vice  president 
and  president  of  Novell’s  global  field  operations, 
as  its  president  and  COO,  a  role  that  hadn’t  exist¬ 
ed  at  Novell  since  2002. 

In  a  20-year  career  at  IBM,  Jaffe  held  various 
research  roles  including  vice  president  of  systems 
and  software  and  corporate  vice  president  of 
technology.  ■ 
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Microsoft 


Find  tools  and  guidance  to  defend  your 
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gP;  ■  ►  Free  Tools  and  Updates:  Streamline  patch  management 
■p  with  automated  tools  like  Windows  Server  "  Update  Services. 

And  verify  that  your  systems  are  configured  for  maximized 
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"  Microsoft  Security  Assessment  Tool:  Complete  this 

free,  online  self-assessment  to  evaluate  your  organization's 
Vp  security  practices  and  identify  areas  for  improvement. 
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Exchange  and  arm  your  e-mail  server  with  powerful  multi-engine 
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Citigroup  controls  network  resources 


BY  DENISE  DUBIE 

Citigroup  tackled  a  Herculean  task  of  subduing  the  multi¬ 
headed  Hydra  that  emerges  when  large  enterprise  IT  shops 
try  to  scale  network  change  and  configuration  manage¬ 
ment  software  —  and  the  financial  services  company 
came  out  on  top.The  financial  services  company 
submitted  its  project  to  Network  World’s  Enter¬ 
prise  All-Star  Awards  competition,  which  honors 
50  companies  and  their  groundbreaking  tech¬ 
nology  projects,  and  earned  a  spot  among  the 
winners  for  its  large-scale  rollout. 

In  August  2004,  Citigroup’s  Enterprise  Systems 
Service  team,  which  is  part  of  the  company’s 
Technology  Infrastructure  division  in  New  York,  realized 
that  proprietary  tools  and  manual  efforts  could  no  longer 
keep  the  threats  caused  by  inconsistent  configuration-man¬ 
agement  practices  at  bay.  The  team  then  led  a  two-phase 
project  for  the  $17  billion  company 

As  simple  as  it  may  sound,  maintaining  an  accurate, up-to- 
date  record  of  network-device  inventory  operating  system 
and  configuration  becomes  exponentially  more  challeng¬ 
ing  as  devices  multiply  vendors  vary  and  data  collected 
from  the  devices  differs.  Add  to  that  challenge  the  numer¬ 


ous  changes  that  occur  on  any  given  day  —  some  of  which 
may  require  distributing  a  patch  to  several  routers  and 
switches,  for  example  —  and  IT  managers  face  potential 
network  failure,  customer-service  worries  and  imminent 
security  threats. 

According  to  market  research  firm  Enterprise 
Management  Associates,  60%  of  network  down¬ 
time  is  caused  by  human  error  during  device 
configuration.  There’s  also  potential  for  error 
when  real-time  emergencies  such  as  viruses  or 
worms  occur.  To  address  the  complexity  of  the 
problem,  network  change- 
and  configuration-manage¬ 
ment  vendors  typically  automate  the 
process  of  collecting  multivendor  con¬ 
figurations  and  maintaining  them  in  a 
database. 

Citigroup’s  project  found  the  Enter¬ 
prise  Systems  Service  team  exploring 
niche  vendors  with  products  that 
promised  to  eliminate  the  manual  effort 
of  collecting  configurations  in  heteroge¬ 
neous  enterprise  networks.  These  ven¬ 


dors  put  into  software  the  dirty  work  —  telneting  into 
devices  and  scraping  configurations,  for  example  —  typi¬ 
cally  performed  manually  by  network  operations  staff. 
Such  tools  also  incorporate  configuration  details  garnered 
from  equipment  vendors,  which  reduces  the  need  for 
device-specific  experts  within  a  single  IT  shop.  “We  were 
looking  for  a  product  that  would  provide  all  the  reporting, 
governance,  inventory  and  configuration  features  such  as 
rollout  and  rollback,  which  we  did  manually  as  well  as 
some  best-practice  workflow  and  processes,”  says  a  Citi¬ 
group  IT  official  who,  because  of  corporate  policy  cannot 
be  identified. 

Following  a  $1.5  million  investment  in 
software,  hardware  and  overall  man¬ 
power  costs  for  Phase  1  ,the  company  re¬ 
ports  it  began  seeing  benefits  within 
three  months  of  installing  network 
change-  and  configuration-manage¬ 
ment  software  from  AlterFbint. Within  six 
months,  the  company  significantly  re¬ 
duced  the  time  it  required  to  manage 
access  lists  across  devices  —  from  four 
See  Citigroup,  page  28 
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Quest  extends  Windows-Linux  integration 


B  Business  Objects  has  upgraded  its 
suite  of  business  intelligence  software 
with  an  application  that  lets  nontech¬ 
nical  users  generate  reports  and 
queries  from  company  data.  The  appli¬ 
cation  —  BusinessObjects  Intel¬ 
ligent  Question  —  in  Business 
Objects  XI  Release  2  lets  users  create 
queries  in  their  everyday  language  by 
answering  questions  from  drop-down 
menus.  A  sales  executive  could  ask  for 
a  list  of  customers  in  the  top  25%  of 
buyers  by  revenue  for  a  region.  The 
application  attempts  to  prevent  users 
from  making  invalid  queries  by  steer¬ 
ing  them  through  questions  they  ask.  It 
provides  more  information  about  where 
data  used  by  the  applications  comes 
from  and  when  it  was  updated,  to  help 
companies  meet  regulatory  require¬ 
ments  for  ensuring  that  information 
they  report  is  current  and  accurate. 


BY  JOHN  FONTANA 

Quest  Software,  which  has  been  building 
a  cross-platform  bridge  between  Linux  and 
Windows  systems,  is  expected  to  release 
early  next  year  a  tool  that  lets  users  monitor 
the  open  source  operating  system  from 
their  Microsoft  management  consoles. 

Quest’s  Vintela  Systems  Monitor  (VMS) 
1.0  plugs  into  and  expands  the  monitoring 
and  performance  tool  Microsoft  Opera¬ 
tions  Manager  (MOM)  to  include  Linux 
and  Unix  servers,  giving  IT  departments  a 
centralized  console  for  monitoring  their 
server  environments. VMS  works  with  MOM 
2005  and  extends  to  the  AIX,  HP-UX,  Solaris, 
SuSE  and  Red  Hat  platforms. 

“A  lot  of  users  find  they  are  engaging  in 
swivel-chair  management,  going  from 
one  console  to  another,”  says  Andi  Mann, 
an  analyst  with  consulting  firm  Enter¬ 
prise  Management  Associates.  “The  trend 
toward  using  appliances,  blades  and 
racks  means  that  Linux  is  an  attractive 
option.  If  users  pick  that  option  they  have 


to  think  about  monitoring  and  managing 
it,”  Mann  says. 

Mann  says  Quest  is  slipping  VMS  between 
the  options  of  a  fully  manual  scripting  man¬ 
agement  environment,  and  full-blown  and 
costly  systems  management  platforms  from 
Computer  Associates,  HP  and  IBM.  MOM 
2005  has  a  feature  called  the  Connector 
Framework  that  permits  integration  with 
those  management  platforms. 

MOM  uses  a  set  of  agents  that  run  on 
servers  and  applications  and  allow  it  to 
track  application  state,  monitor  the  health 
of  servers,  and  correct  errors  or  restart  ser¬ 
vices  or  entire  servers.  VMS  is  one  such 
agent,  which  hooks  into  MOM’s  Admin¬ 
istrator,  Operator  and  Web  consoles  and  the 
MOM  reporting  engine. 

With  VMS,  Quest  has  created  manage¬ 
ment  packs  for  Unix  and  Linux  that  let 
users  configure  and  monitor  server  per¬ 
formance  and  availability. 

Quest  has  included  a  framework  so 
users  can  author  their  own  management 


packs  for  Unix-  or  Linux-based  systems, 
applications  or  services. 

“Our  agent  is  built  on  standards,  Open 
[Web-based  Enterprise  Management]  and 
Universal  Management  Instrumentation, 
which  is  key  to  Systems  Monitor. This  is  not 
just  parsing  syslogs;  we  are  working  across 
standards  so  users  can  build  management 
packs  on  their  own  that  sit  on  this, "says  Paul 
Barcoe-Walsh,  director  of  product  manage¬ 
ment  for  Quest. 

VMS  is  the  latest  cross-platform  software 
from  Quest,  which  acquired  Vintela  earlier 
this  year.The  company  is  developing  a  line 
of  tools  that  extend  Windows  features  — 
such  as  Active  Directory  administration, 
password  reset  and  group  policy  —  to  the 
Unix  and  Linux  platforms.  The  company 
competes  with  BindView,  NetlQ  and  Net- 
Pro  in  Microsoft  infrastructure  manage¬ 
ment  and  with  Centrify  in  Unix  and  Linux 
integration. 

VMS  is  in  beta  testing  and  is  slated  to  ship 
in  January  Pricing  has  not  been  set.  B 
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’Net  governance:  A  chatty  whimper 


NET  INSIDER 

Scott  Bradner 


The  second  phase  of  the  World 
Summit  on  the  Information 
Society  finished  up  earlier  this 
month  in  Tunis,  and  the  surprising 
thing  is  how  little  actually  hap¬ 
pened, considering  the  buildup  to 
it  and  the  potential  for  trouble. 

The  International  Telecommuni¬ 
cation  Union  (ITU)  proposed  the 
WSIS  in  1998  to  examine  “the  in¬ 
terpenetration  between  issues  of 
telecommunication  development 
and  those  of  economic,  social 
and  cultural  development,  as  well 
as  the  impact  of  such  interpene¬ 
tration  on  social  structures”  of 
countries. 


The  idea  also  was  to  recognize 
“that  ITU  is  the  organization  best 
able  to  seek  appropriate  ways  to 
provide  for  development  of  the 
telecommunication  sector  geared 
to  economic,  social  and  cultural 
development.” 

While  not  everyone  might 
agree  with  the  latter  recognition, 
the  current  and  future  impact  of 
information  technology  on  soci¬ 
ety  is  unquestioned  and  much 
worried  about. 

With  the  support  of  the  United 
Nations,  the  ITU  decided  to  hold 
the  WSIS  in  two  phases.  The  first 
phase  took  the  form  of  a  meeting 
in  Geneva  in  December  2003.That 
led  to  the  UN  forming  a  Working 
Group  on  Internet  Governance  to 
explore  the  issues  and  produce  a 
report  (www.networkworld.com, 
DocFinder:  9940)  to  be  used  as 
input  to  the  second  phase  of 
WSIS,  which  was  the  just-con¬ 


cluded  meeting  in  Tunis. 

There  were  some  very  hot  issues 
going  into  the  Tunis  meeting,  with 
the  hottest  being  the  manage¬ 
ment  and  oversight  of  the  core  In¬ 
ternet  technical  support  functions 
performed  by  the  Internet  Corpor¬ 
ation  for  Assigned  Names  and 
Numbers  (ICANN)  under  a  con¬ 
tract  with  and  supervision  from 
the  U.S.  government. 

A  lot  of  other  world  govern¬ 
ments  said  it  was  high  time  that 
the  United  States  relinquished 
sole  control  over  these  functions. 
Some  also  thought  it  might  be 
time  to  replace  ICANN  with 
another  organization,  maybe  even 
the  ITU,  that  would  be  more  con¬ 
trolled  by  governments  and  re¬ 
sponsive  to  their  interests. 

The  U.S.  basically  said  no,  and 
after  a  tense  preparatory  meeting 
in  Tunis  just  before  the  formal 
WSIS  gathering,  the  U.S.  basically 


got  its  way  ICANN  will  continue  to 
be  the  top  of  the  pyramid  for 
domain  names  and  IP  address 
assignments  under  the  sole  super¬ 
vision  of  the  U.S.  government. 

As  part  of  the  agreement,  the 
UN  will  create  an  Internet  Gov¬ 
ernance  Forum  that  will  have  “no 
binding  authority”  but  will  de¬ 
bate  Internet  governance  issues 
and  advise  ICANN  and  others  of 
its  deliberations.  This  seems  fully 
status  quo,  but  some  countries 
claim  that  the  U.  S.  agreed  to 
eventually  relinquish  sole  con¬ 
trol,  a  claim  with  which  U.S.  offi¬ 
cials  disagree. 

Much  of  the  final  WSIS  agree¬ 
ment  —  the  “Tunis  Agenda  for  the 
Information  Society”  (DocFinder: 
9941)  —  is  dedicated  to  the  same 
type  of  issue  that  dominates  most 
reports  of  international  summits 
—  the  inequitable  distribution  of 
some  resource,  in  this  case  infor¬ 


mation  technology,  among  parts 
of  the  world. 

A  lot  of  words  were  said  about  a 
lot  of  topics  in  Tunis,  but  when  the 
meeting  ended,  the  expected  fire¬ 
works  had  fizzled  and  the  status 
quo  had  been  preserved. 

Hardly  a  monumental  outcome 
for  the  18,000-plus  folks  who  gath¬ 
ered  in  the  North  African  heat  and 
traffic  (DocFinder:  9942).  And  to 
think  that  the  new  Internet 
Governance  Forum  will  soon  pro¬ 
vide  opportunities  to  do  more  of 
the  same. 

Disclaimer:  Harvard  presents 
numerous  opportunities  for  sum¬ 
mit-type  meetings  to  fizzle  or  to 
sizzle,  but  this  review  of  WSIS  in 
Tunis  is  my  own. 

Bradner  is  a  consultant  with 
Harvard  University's  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


Capturing  configuration 

Citigroup  has  launched  an  IT  initiative  that  will  eliminate  the  manual  efforts 
required  to  manage  network  device  change  and  configuration  across 
thousands  of  distributed  devices. 


Citigroup 
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or  five  staff  members  working  for  three 
days  to  one  staff  member  working  for 
three  to  seven  hours.  And  Citigroup 
reduced  manual  remediation  from  75%  to 
less  than  1  %.  Citigroup  says  the  gain  is  400% 
to  500%  improvements  in  staff  scalability. 

Although  it  used  AlterPoint  Device- 
Authority  as  the  core,  the  IT  team  built  its 
own  Web-based  portals  to  address 
Citigroup-specific  features  and  workflows 
that  were  not  strategic  for  AlterPoint  to 
develop  or  not  planned  until  a  later  stage  in 
the  vendors  road  map,  the  IT  official  says. 

Citigroup  built  extensively  around  the 
AlterPoint  product  to  provide  the  overall 
solution  that  internal  clients  needed,  lever¬ 
aging  the  vendor  API.  The  driving  factor 
overall  was  to  find  a  scalable  solution,  ide¬ 
ally  one  that  was  comprehensive  enough 
to  reconsolidate  related  features  that 
Citigroup  had  decoupled  to  address  the 
limits  to  scalability  of  industry  and  inter¬ 
nally  developed  tools,  Citigroup  says. 

Citigroup,  which  supports  more  than 
44,000  network  devices  worldwide,  was 
faced  with  "complexity  inflation”and  a  lack 
of  scalable  management  tools  to  keep  com¬ 
plexity  in  check, Citigroup  says. 

Among  Citigroup’s  specific  challenges 
were  regular  maintenance  processes  re¬ 
quiring  multiple  staff  members  and  far  too 
many  man-hours.  “We  were  spending  90% 
of  our  time  dealing  with  compliance,  mak¬ 
ing  sure  our  processes  and  devices  were 
compliant  to  regulatory  and  internal 
Citigroup  mandates,  in  an  ISO  9000-like 


environment.” 

ISO  9000  is  a  worldwide  quality  standard, 
and  certification  requires  businesses  to 
have  documented, repeatable  processes  for 
ensuring  that  they  deliver  quality  products. 
Citigroup  wanted  a  better  method  to  keep 
its  devices  in  line  with  not  only  ISO  9000 
but  also  the  SarbanesOxley  Act,  other  in¬ 
formation  security  requirements  and  inter¬ 
nal  security  policies. 

Compliance  wasn’t  Citigroup's  only 
concern.  The  Enterprise  Systems  Ser¬ 
vices  group  also  wanted  to  associate  the 
company’s  network  devices  to  the  busi¬ 
ness  and  tag  assets  with  priorities  rele¬ 
vant  to  Citigroup  clients,  both  internal 


and  external. 

“We  needed  to  be  able  to  do  business¬ 
tagging  in  relation  to  the  clients  that  go 
through  the  device  so  we  could  quickly 
answer  questions,  such  as  ‘Is  that  device 
part  of  Tier  1, 2  or  3?’  to  determine  how 
critical  the  device  is,”  the  IT  official  says. 
“That  way  we  could  more  quickly  deter¬ 
mine  where  we  could  shut  off  the  valve 
during  a  worm  or  other  attack,  before  it 
affected  the  organization  and  the 
clients." 

With  some  48  criteria  to  consider  —  in¬ 
cluding  business,  technology,  product-sup¬ 
port  features  and  user  reaction  —  Citigroup 
decided  on  AlterFbint’s  DeviceAuthority 


Suite  for  its  diverse  device  support  and  ven¬ 
dor  stability. 

The  suite  includes  a  server,  a  set  of 
adapters  and  an  Open  Database 
Connectivity-compliant  database.  It  has  two 
application  components,  the  Audit  Module 
for  inventory  reporting  and  the  Update 
Module,  which  automates  mass  configura¬ 
tion  changes  across  any  range  of  devices. 
The  suite  supports  more  than  1,000  net¬ 
work  devices  from  25  manufacturers,  and 
audits  in  real  time  any  change  made  to  any 
of  those  devices. 

Citigroup  installed  DeviceAuthority  on 
servers  in  its  geographically  dispersed 
data  centers,  poked  the  appropriate 
holes  in  company  firewalls,  and  kicked 
off  an  internally  developed  device-dis¬ 
covery  process,  which  reported  back 
hardware  and  software  configuration 
data  from  every  device  to  be  managed. 
This  process  compared  devices  from 
Citigroup’s  internal  network-asset  inven¬ 
tory  with  those  in  its  network  fault-mon¬ 
itoring  systems,  and  reconciled  the 
devices’  configurations  in  the  different 
systems  against  the  devices  themselves 
using  DeviceAuthority  Suite’s  APIs. 

With  some  28,000  of  its  44,000  devices 
being  managed  with  DeviceAuthority, 
Citigroup  says  it’s  poised  to  enter  Phase 
2  of  the  implementation,  which  will 
broaden  the  scope  of  the  AlterPbint  soft¬ 
ware  to  include  other  router  and  switch 
vendors  such  as  Nortel  and  Juniper 
Networks,  and  potentially  will  add  other 
IP-based  devices  that  support  the  net¬ 
work,  such  as  load  balancers  and  com¬ 
pression  appliances.  ■ 


Juniper  Ulo^  N 


rewfc  Tll2r  n 


et  sffl1  ,$P61 


" l ,c 


ihem, 1 


,  5^ 

'•fcU 


it 


»  Remote  users  calling  it  quits?  You  need  Secure  and  Assured  application  acceleration, 
only  from  Juniper  Networks.  It  means  superior  application  delivery  and  performance  for 
all  users  -  employees,  customers  and  partners.  Plus  increased  control,  and  improved 
productivity.  For  more  info,  visit  www.juniper.net/appaccel 
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Buy  a  Supe 
Wireless  Network... 

Get  the  Backyard  Free! 


with  SRX200 


The  affordable  Linksys  SRX200  Wireless-G  Gateway  with  Speed  and 
Range  Expansion  can  double  the  coverage  of  a  typical  Wireless-G 
network  and  reduce  dead  spots,  with  speeds  up  to  6X  faster.  Surf  the 
web,  share  files,  work  and  play  in  places  that  you  never  thought  were 
possible.  Get  a  wireless  network  that  goes  the  distance! 

-  MIMO  technology  works  with  all  standard  802.1 1  b  and  802.1 1  g  products 

-  Improves  range  up  to  2X  and  performance  up  to  6X  over  standard  Wireless-G 

-  Enhanced  security 

Linksys® 

Partner 

Connection 


Linksys.  Nobody  makes  networking  easier! 


Visit  www.linksys.com  today  for 
product  details,  or  call  our  Advice  Line  at: 


11.28.05  •  www.networkworld.com  *  31 


NET.W0BKER 

(8  PRODUCTS,  SERVICES  AND  STRATEGIES  FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Short  Takes 


■  Ascendent  Systems  has  unveiled 
a  version  of  its  PowerConnect  suite, 
which  is  designed  to  extend  telephone 
features  to  any  phone  an  employee 
has  access  to  while  working  offsite. 
Version  4.1  adds  presence  applica¬ 
tions  that  let  users  display  their  avail¬ 
ability  and  also  see  whether  col¬ 
leagues  are  logged  on  and  available 
to  communicate  via  phone,  e-mail  or 
video.  Additional  features  include  four¬ 
digit  dialing,  enhanced  Session 
Initiation  Protocol  support,  and 
upgraded  password  management 
and  profile  administration  tools. 
Enterprise  pricing  for  PowerConnect 
4.1  starts  at  $40,000. 

■  Sales  of  small  office/home- 
office  wireless  LAN  equipment 

grew  only  2%  in  the  third  quarter  of 
2005  —  much  less  than  the  10-plus 
percentage  increases  posted  in  the 
third  quarter  of  2004  and  the  third 
quarter  of  2003,  according  to  the 
Dell'Oro  Group.  The  SOHO  WLAN 
market  is  seeing  increased  competi¬ 
tion  from  DSL  customer  premises 
equipment  with  integrated  WLAN 
features,  the  firm  says.  The  group 
also  notes  that,  although  many 
SOHO  customers  are  hesitant  to  up¬ 
grade  their  802.1 1g  equipment,  more 
will  upgrade  once  standard  802.1  In 
products  are  available,  to  take  advan¬ 
tage  of  the  technology's  enhanced 
speed  and  coverage.  Linksys,  Net- 
gear,  D-Link  and  Buffalo  Technologies 
are  the  top  four  companies  in  the 
SOHO  WLAN  arena,  Dell'Oro  says. 

■  Compuware  has  unveiled  a  new 
version  of  its  Vantage  application- 
management  suite,  which  is  aimed  at 
helping  applications  perform  better. 
Vantage  9.8  supports  agentless  moni¬ 
toring,  which  lets  IT  staff  keep  tabs 
on  the  performance  that  remote 
workers  and  telecommuters  are  expe¬ 
riencing,  with  no  preinstalled  agents 
required.  The  new  monitoring  capabil¬ 
ities  are  based  on  technology  Compu¬ 
ware  gained  by  acquiring  Adlex  earli¬ 
er  this  year.  Compuware  also  added 
tools  for  better  diagnosing  problems 
caused  by  Java.  Pricing  for  Vantage 
9.8  starts  at  $30,000. 


Legislators  rally  for  teleworking 


BY  ANN  BEDNARZ 

Lawmakers  have  been  making  noise  on 
the  telework  front  lately,  with  legislatures 
convening  to  discuss  what  government 
agencies  and  corporations  are  doing  to 
help  the  U.S.  workforce  deal  with  volatile 
gas  prices. 

While  gas  prices  have  fallen  from  $3-per- 
gallon  highs  in  September  to  pre- 
Hurricane  Katrina  levels, the  national  aver¬ 
age  is  still  $2.37  per  gallon  —  up  38  cents 
over  last  year,  said  Rep.  Jon  Porter  (R-Nev.), 
who  also  is  chairman  of  the  Congressional 
subcommittee  on  the  federal  workforce 
and  agency  organization.  “That  increase 
has  caused  people  to  reevaluate  their 
finances  and  commuting  habits,  since  it  is 
no  longer  economically  feasible  for  many 
American  families  to  fill  up  their  vehicles 
every  week.” 

Porter  made  these  remarks  in  a  hearing 
he  hosted  earlier  this  month  to  discuss 
what  can  be  done  to  lessen  the  effects  of 
high  gas  prices  on  employees.  Teleworking 
has  received  a  lot  of  attention,  but  neither 
agencies  nor  employees  have  taken  advan¬ 
tage  of  telework  programs  to  the  degree 
that  Congress  would  like  them  to,  Porter 
said. 

Among  the  witnesses  to  testify  at  the 
hearing  was  Rep.  Frank  Wolf  (R-Va.),  who 
has  spearheaded  an  effort  to  require  agen¬ 
cies  to  comply  with  congressionally  man¬ 
dated  telework  requirements  or  risk  losing 
funding.  Several  agencies  remain  in  viola¬ 
tion  of  2001  legislation  that  requires  all 
federal  agencies  by  year-end  to  allow 
every  eligible  employee  who  wants  to  tele¬ 
work  —  and  whose  job  lends  itself  to  tele¬ 
work  —  to  do  so. 

“Just  last  week  I  was  contacted  by  several 
constituents  with  the  Bureau  of  Prisons 
and  the  Farm  Service  Agency  who  are 
being  denied  their  right  to  telework.  This 
kind  of  attitude  by  federal  agencies  must 
end,”Wolf  said. 

Wolf  inserted  a  provision  in  2005  and 
2006  spending  bills  to  withhold  $5  million 
from  the  budgets  of  the  departments  of 
Commerce,  Justice  and  State  and  NASA, 
until  they  meet  telecommuting  mandates. 
These  agencies  also  are  required  to  instate 
a  telework  coordinator  and  regularly  report 
on  the  number  of  their  employees  who 
telecommute. 

“1  hope  these  provisions  will  get  the  tele¬ 
work  point  across  and  the  agencies,  from 
the  top  down,  will  start  taking  telework  seri- 


Something  to  lose 

Federal  government  employees 
typically  spend  more  time  commuting 
than  they  do  on  vacation,  according 
to  new  research  from  the  Telework 
Exchange. 

Every  year,  a  typical  federal  employee 
who  commutes  five  days  per  week: 

•  Spends  $10,580  on  commuting  costs. 

•  Disperses  8  tons  of  pollutants  into  the 
environment. 

•  Spends  245  hours  commuting. 

A  typical  federal  employee  who  works 
from  home  two  days  a  week: 

•  Shaves  $4,372  off  commuting  costs. 

•  Spares  the  environment  3.6  tons  of  pollutants. 

•  Gets  back  98  hours  of  free  time. 

SOURCE:  3,500  FEDERAL  GOVERNMENT  EMPLOYEES 
REGISTERED  WITHTELEWORK  EXCHANGE. 


ousiy’ Wolf  testified.“I  do  not  like  having  to 
be  so  heavy-handed  and  threaten  to  with¬ 
hold  funding,  but  if  that  is  what  it  is  going  to 
take  to  get  the  point  across  to  federal 
agency  managers,  then  that  is  what  I  will 
continue  to  do.” 

Rep.  Danny  Davis  (D-lll.),  ranking 
member  of  the  subcommittee,  acknowl¬ 
edged  in  his  testimony  that  telecommut¬ 
ing  is  known  for  benefits  such  as  reduc¬ 
ing  traffic  congestion,  and  improving 
employee  recruitment  and  retention. 
Davis  also  championed  another  reason 
to  push  federal  agencies  to  implement 
the  infrastructure  and  work  processes 
necessary  to  support  telecommuting: 
emergency  preparedness  and  the  threat 
of  terrorism. 

Davis  introduced  legislation  that  would 
require  the  governments  Chief  Human 
Capital  Officer  Council  to  conduct  a  10-day 
demonstration  project  that  broadly  relies 
on  employees  working  from  alternative 
work  sites,  including  their  homes. 

“The  outcome  of  the  demonstration  pro¬ 
ject  would  provide  agencies  and  Congress 
with  approaches  for  gaining  flexibility  and 
identifying  work  processes  that  should  be 
implemented  during  an  extended  emer¬ 
gency’  Davis  said  at  the  hearing. “The  num¬ 


ber  and  types  of  potential  emergency  inter¬ 
ruptions  are  unknown, and  we  must  be  pre¬ 
pared,  in  advance  of  an  incident,  with  the 
work  processes  and  infrastructure  needed 
to  reestablish  agency  operations.” 

The  hearing  also  drew  testimony  from 
the  private  sector,  including  Steve  Hill, 
president  of  Silver  State  Materials.  The  Las 
Vegas  concrete  supply  company  purchas¬ 
es  roughly  140,000  gallons  of  fuel  each 
month,  and  escalating  prices  have  creat¬ 
ed  a  big  discrepancy  between  its  2005 
budgeted  fuel  price  of  $1.75  per  gallon 
and  its  actual  average  fuel  price  of  $2.41 
per  gallon. 

“If  the  average  price  for  fuel  remains  at 
$2.41  per  gallon  through  the  end  of  2005, 
the  ultimate  additional  cost  to  Silver  State 
Materials,  as  compared  to  our  budget,  will 
be  approximately  $2,200,000,”  Hill  testified 
at  the  hearing.“To  put  that  amount  into  per¬ 
spective,  that  equates  to  over  $11,000  per 
employee  —  more  than  our  total  cost  of 
providing  healthcare  to  those  same 
employees.” 

Hill  advocates,  among  other  measures, 
federal  assistance  to  help  businesses  accu¬ 
rately  forecast  the  price  of  fuel,  as  well  as 
federal  assistance  to  help  accelerate  the 
use  of  alternative  fuels. 

Steve  O’Keeffe,  executive  director  of  the 
Telework  Exchange,  reiterated  the  idea  that 
federal  agencies  need  to  accelerate  tele¬ 
work  adoption  to  reduce  employees’  com¬ 
muting  costs.  “The  gasoline  price  hikes  of 
September  2005  drove  a  real-income  salary 
reduction  of  $526.25  for  the  average  feder¬ 
al  employee.  The  increases  drove  a  42.6% 
increase  in  America’s  commuting  costs,” 
O’Keeffe  said. 

New  research  from  Telework  Exchange 
shows  that  federal  employees  are  interest¬ 
ed  in  teleworking,  but  adoption  barriers 
remain.  Although  the  federal  govern¬ 
ment’s  Office  of  Personnel  Management 
reports  that  close  to  100%  of  agencies 
have  a  telework  plan, just  56%  of  3,500  sur¬ 
vey  respondents  are  aware  their  agency 
has  a  telework  plan.  In  addition,  only  21% 
of  respondents  believe  they  can  readily 
access  that  plan. 

If  all  eligible  federal  employees  were  to 
telework  two  days  per  week,  the  federal 
workforce  would  realize  collective  savings 
of  $3.3  billion  and  spare  2.7  million  tons  of 
pollutants  from  being  dispersed  into  the 
environment  each  year,  the  Telework 
Exchange  reports.  ■ 
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TECHNOLOGY  THAT  GETS  YOU 


EVERYTHING’S 


Affordable,  reliable,  easy  to  manage:  eServer  xSeries  with  Intel®  Xeon™  Processors 


IBM  eServer  xSeries  226  Express 


An  entry-level  2-way  server  that 
offers  the  reliability  and 
performance  needed  for  day-to- 
day  computing.  Easy  to  set  up 
and  deploy,  with  access  to  all 
major  system  components. 


System  features 


Up  to  two  Intel®  Xeon™ 
Processors  3GHz/2MB 


Two-way  tower  with 
rack  capability 

Up  to  6  hot-swappable 
SCSI  hard  disk  drives 


Integrated  RAID  0,1 
Limited  warranty:  up  to  3 
years  on-site3 


From  $1,6394* 

(Other  configurations  as  low  as  $1,229) 


IBM  Financing  Advantage 

Onl\  $46  per  month5 


I  eServer  xSeries  346  Express 


Help  maximize  performance  and 
improve  availability  in  a  rack 
dense  environment  with 
Xtended  Design  Architecture™ 
Includes  Calibrated  Vectored 
Cooling,  an  IBM  innovation  that 
helps  increase  uptime. 


System  features 


Up  to  two  Intel®  Xeon™ 
Processors  3GHz/2MB 


Two-way  2U  rack  server 

Up  to  16GB  DDR2  memory 
using  8  DIMM  slots  with 
enhanced  memory 

Limited  warranty: 

3  years  on-site3 


From  $3,3154* 

(Other  configurations  as  low  as  $2,219) 


IBM  Financing  Advantage 

Only  $93  per  month5 


IBM  eServer  xSeries  260  Express 


IBM’s  newest  third-generation 
Enterprise  X-Architecture® 
server.  Designed  for  companies 
looking  for  database,  e-mail, 
Web/e-commerce  or  consolidated 
application  serving. 


System  features 


Up  to  four  64-bit  Intel®  Xeon™ 
Processors  MP,  up  to  3.66GHz 


Four-way  tower  or  7U  rack 
capability 


Up  to  3.6TB  hot-swappable 
SAS  (serial  attach  SCSI) 
hard  disk  storage 


Up  to  64GB  of  memory  with 
advanced  memory  protection 

Limited  warranty:  3  years  on-site3 


From  $5,3994* 

(Other  configurations  as  low  as  $4,599) 


IBM  Financing  Advantage 

Only  $151  per  month5 


IBM  TotalStorage®  Simplify  storage  management  to  improve  productivity 
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Flexible  and  easy  to  use 


IBM  eServer  BladeCenter  HS20  Express 

Offers  extreme  flexibility  and 
scalability,  plus  it  helps  to 
consolidate  and  simplify  your 
infrastructure.  Helps  reduce 
power  consumption  and  save 
valuable  floor  space. 


System  features 

Up  to  two  Intel®  Xeon™ 
Processors  3.20GHz/2MB 
Up  to  14  blades  per  chassis 

Supports  both  32- 
and  64-bit  applications 
IBM  Director2 

Limited  warranty: 

3  years  on-site3 


From  $2,8994* 

(Other  configurations  as  low  as  $1,669) 


IBM  Financing  Advantage 

Only  $81  oer  month5 


IBM  TotalStorage  DS300  Express 


System  features 


wm 


This  entry-level,  cost-effective  iSCSI  host- 
attached  storage  system  utilizes  your  existing 
network  infrastructure  to  deliver  advanced 
functionality.  Provides  an  exceptional  SAN 
storage  solution  with  xSeries  servers  for 
e-mail/file/print. 


3U  rack  mount  entry-level 
with  two  controllers 
Support  for  up  to  14 

Ultra320  SCSI  disk  drives 


Starts  at  584GB  / 
scales  to  4.2TB6 

Limited  warranty:  1  year 
on-site3 


From  $6,4554* 

(Other  configurations  as  low  as  $2,995) 


IBM  Financing  Advantage 

Only  $180  per  month5 


•  All  press  are  IBM  s  i-siimaed  retail  selling  prices  as  of  September  13. 2005  Prices  may  vary  according  to  configuration  Resellers  set  tbeir  own  prices,  so  reseller  prices  to  end  users  may  vary  Products  are  subiect  to  availability  This  document  was  developed  lor  oftenr 
nr  the  United  Slates  IBM  may  not  otter  the  products  features,  m  services  discussed  in  this  document  in  other  countries  I  IBM  Director  is  not  available  on  TotalStorage  products.  2  IBM  Director  must  be  installed  Products  included  in  IBM  Express  Servers  and  Storage  n 
ilso  be  puidused  sepauteiy  3  Telepnone  support  may  be  subiect  to  additional  charges  For  on-site  labor.  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician  On-sile  warranty  is  available  onfy  for  selected  components  4  Prices  sub 
to  change  without  notice  Slatting  price  may  not  include  a  hard  dove,  operating  system  or  other  features  Contact  your  IBM  representative  or  IBM  Business  Partner  lor  the  most  cunent  pricing  in  your  geography  5  IBM  Global  Financing  offerings  are  provided  through  H 


USED  TO  SAYING: 
UNDER  CONTROL!’ 


IBM  Express  Servers  and  Storage ™  for  mid-sized  business. 

Know  an  U.  person  who  doesn’t  like  to  hear  that  “everything’s  under  control”? 
We  don’t.  That’s  why  we  offer  an  innovative  management  tool  called  IBM 
Director  that  can  alert  your  I.  T.  people  to  potential  problems  up  to  48  hours  in 
advance! 

And  our  Calibrated  Vectored  Cooling  on  select  xSeries*  servers  helps  cool  your 
systems  more  efficiently  Packing  more  servers  into  a  single  rack.  Helping  to 
save  space,  energy,  money. 

With  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers,  storage 
and  printers.  Your  local  IBM  Business  Partner  can  tell  you  more.  And  remember, 
you  can  keep  your  technology  current  while  helping  to  reduce  costs  -  through 
IBM  Global  Financing. 

Excited?  No  need  to  control  yourself.  Get  started  today. 


Save  time.  Save  costs.  Save  the  day!  (Optimize your  I.T.) 

ibm.com/systems/innovatel 

1  800-IBM-7777  mention  104CE04A 


IBM  TotalStorage  DS400  Express 


System  features 


Exceptional  entry-level  solution  for  workgroup 
storage  needs.  With  advanced  functionality, 
the  DS400  supports  xSeries  servers  and 
utilizes  hot-swap  Ultra320  SCSI  drives  for 
high  reliability. 


3U  rack  mount  entry-level  with  up  to  Starts  at  584GB  /  scales  to  12TB6 
two  controllers 

2GB  Fibre  Channel  storage  systems  Limited  warranty:  1  year  on-site3 
area  network  (SAN) 

From  $8,4954*  IBM  Financing  Advantage 

(Other  configurations  as  low  as  $4,995)  Only  $237  per  month5 


Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  lor  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  (actors.  Lease  otter  provided  is 
based  on  a  FMV  lease  of  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  6  Denotes  raw  storage  capacity  Usable  capacity  may  be  less  IBM.  the  IBM  logo,  eServer,  BladeCenter.  xSeries. 
TotalStorage.  IBM  Express  Servers  and  Storage,  Enterprise  X-Architecture  and  Xtended  Design  Architecture  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel.  Intel  Inside,  the  Intel  Inside 
logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  ol  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved 
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Lucent  gaining  momentum  behind  IMS 


BY  JIM  DUFFY 

Lucent  is  riding  a  new  wave  of  momen¬ 
tum  thanks  to  high-profile  convergence 
contracts  and  growth  on  revenue  and  prof¬ 
it  margin  over  the  past  year. 

The  company  has  landed  BellSouth,  SBC 
and  Cingular  Wireless  as  customers  for  IP 
Multimedia  Subsystem  (IMS)  products  and 
services.  IMS  is  an  architecture  for  next-gen¬ 
eration  telecom  networks  that  supports 
voice,  video  and  data  integration  over  wire- 
line  and  wireless  networks,  with  service 
from  any  digital  interface  —  desktop  PCs  to 
mobile  handsets. 

“We  believe  we  have  established  our¬ 
selves  as  leaders  in  this  space,”  said  Lucent 
CEO  Pat  Russo  in  a  recent  Webcast  to  finan¬ 
cial  analysts.  “It  is  strategic  for  us  and  the 
ultimate  enabler  of  our  portfolio.” 

Financial  terms  of  the  IMS  contracts  were 
not  disclosed.  But  analysts  say  potential  rev¬ 
enue  for  Lucent  from  these  and  four  other 
IMS  wins  could  be  in  the  tens  of  millions  to 
hundreds  of  millions  of  dollars.  Lucent  said 
it  has  seven  IMS  wins  and  43  trials. 

“We  estimate  initial  hardware/software 
deployments  to  be  in  the  $50  million  to  $75 
million  range,  with  additional  revenues  tied 
to  IMS  penetration  with  end  customers,” 
said  UBS  Warburg  Analyst  NikosTheodoso- 
poulos  in  a  recent  report  on  the  company. 

UBS  says,  though,  that  Lucent  is  not  likely 
to  record  any  material  revenue  from  IMS 
deployments  in  fiscal  2006  and  is  expected 
to  see  pickup  in  IMS  sales  in  fiscal  2007.The 
firm  also  says  the  long-term  revenue  in  IMS 


w  Sprint  Nextel  last  week  said  it  will 
buy  vireless  aff  iliate  Alamosa 
Holdings  for  approximately  $4.3  bil¬ 
lion.  Alamosa  was  Sprint's  largest 
PCS  affiliate.  Alamosa  provides 
Sprint  PCS  services  in  19  states, 
serving  approximately  1.48  million 
direct  wireless  subscribers  in  242  cus¬ 
tomer  service  areas.  With  this  acqui¬ 
sition  Sprint  has  announced  agree¬ 
ments  to  acquire  more  than  2.3  mil¬ 
lion  Sprint  PCS  affiliate  customers. 
The  acquisition  is  expected  to  be 
comoleted  in  the  first  quarter  of  2006. 


■■ 


for  Lucent  tied  to  the  service 
provider’s  ability  to  get  end 
users  to  pay  for  IMS  services. 

Nearly  every  telecom  sup¬ 
plier  has  an  IMS  pitch,  but 
UBS  says  Lucent  and  Erics¬ 
son  are  the  early  leaders. 

Any  momentum  from  IMS 
will  extend  success  Lucent 
achieved  in  fiscal  2005, 
which  ended  on  Sept.  30. 

Fiscal  2005  was  Lucent’s  second  consecu¬ 
tive  profitable  year  after  three  years  of  losses 
—  net  earnings  were  $1.19  billion  on  a  4.4% 
growth  in  revenue  over  fiscal  2004. 

In  addition  to  IMS,  Lucent  is  focusing  on 


I  believe  we've 
established  ourselves 
a  leader  [in  IMS].55 

Pat  Russo,  Lucent  CEO 


3G  wireless  mobility,  optical/data  conver¬ 
gence,  broadband  access,  professional  ser¬ 
vices  and  applications.These  are  all  growth 
markets  that  will  achieve  compounded 
rates  of  10%  to  41%  over  the  next  four  years, 


Russo  said. 

These  markets  are  where 
Lucent  has  placed  its  “strategic 
as  bets,”  Russo  said.  She  added 
that  these  bets  align  well  with 
the  growth  segments  of  the  in¬ 
dustry  and  should  pay  off  as 
IMS  takes  hold  among  Lucent’s 
service  provider  customers 
and  their  customers. 

“IMS  is  the  heart  and  brains 
of  the  customers’  network,  the  control 
point,”  Russo  said. “And  when  you’re  in  the 
heart  of  the  network  you’re  party  to  all  con¬ 
versations  on  how  to  connect  these  ser¬ 
vices  to  this  network.”  ■ 


When  working  with  clients,  one  of  the 
things  I  try  hard  to  assess  is  how  the 
organization  views  technology:  Is  it  a 
strategic  competitive  advantage  or  a  nec¬ 
essary  evil? 

There’s  no  right  answer  —  for  some 
companies,  technology  is  a  necessary  evil, 
and  the  right  amount  to  spend  on  it  is  as 
little  as  possible.  For  others,  IT  can  be  the 
critical  component  in  overall  success  or 
failure.  The  true  challenge  of  assessing  an 
IT  culture  is  making  sure  it’s  in  line  with 
the  company’s  business  drivers  —  that  is, 
making  sure  that  there’s  a  fit  between  the 
company’s  business  drivers  and  the  way  it 
views  technology. 

I’ll  typically  put  companies  into  four  cat¬ 
egories,  based  on  their  IT  cultures:  bleed¬ 
ing  edge,  aggressive,  moderate  and  con¬ 
servative. 

Bleeding-edge  companies  tend  to  have 
high  margins  and  focus  on  revenue 
growth  and  profitability  as  their  critical 
business  drivers. 

They’re  willing  to  take  a  risk  on  any  tech¬ 
nology  earlier  in  its  maturity  life  cycle  than 
most  firms,  because  for  them  the  potential 
competitive  advantage  resulting  from  early 
adoption  outweighs  the  risks  and  chal¬ 
lenges  of  rolling  out  a  technology  that 


Knowing  your  company’s 
IT  culture  will  pay  off 


might  not  be  fully  baked.  Wall  Street  firms 
are  classic  archetypes  (in  fact,  in  a  recent 
benchmark  we  did  with  the  Wall  Street 
Technology  Association,  half  of  the  WSTAs 
member  firms  described  themselves  as 
bleeding  edge). 

Aggressive  companies  are  fairly  similar, 
just  not  as  extreme.  They’re  more  likely 
than  the  bleeding-edge  folks  to  list  cost 
containment  as  one  of  their  top  three 
drivers  (though  it’s  usually  ranked  third). 
They  may  have  challenges  of  scope  or 
scale  that  make  it  impractical  to  roll  out 
truly  bleeding-edge  technologies.  Many 
large  manufacturers  and  pharmaceuti¬ 
cal  firms,  as  well  as  some  financial  ser¬ 
vices  organizations,  classify  themselves 
as  aggressive. 

Moderate  and  conservative  organiza¬ 
tions  generally  wait  until  a  technology  has 
proven  itself  and  gained  market  traction 
before  deploying  it. These  categories  often 
include  retailers  and  manufacturers  of  tra¬ 
ditional  wares,  who  typically  cite  cost  con¬ 
tainment  as  their  top  priority. 

Let’s  see  how  this  plays  out  with  some 
top-of-the  news  technologies: 

•  MPLS.  Aggressive  and  bleeding-edge 
companies  are  moving,  well,  aggressively 
toward  MPLS-based  services,  while  conser¬ 
vative  firms  are  still  inking  three-year 
frame-relay  deals.  What  should  your  firm 


be  doing?  That  depends.  An  aggressive 
firm  that’s  midway  through  a  three-year 
frame  contract  should  probably  assess 
switching  to  MPLS  before  the  contract  ter¬ 
minates;  a  conservative  firm  can  easily 
wait  until  contract  termination  to  review. 

•  VoIP Rollouts  have  moved  well  into  the 
moderate  camp  —  traditional  retailers 
and  manufacturers  are  jumping  on  the 
VoIP  bandwagon,  along  with  financial  ser¬ 
vices  firms,  pharmaceuticals  and  high- 
tech  manufacturers.  Unless  you’re  sure 
your  company  is  conservative, you  should 
also  be  assessing  VoIP 

•  Real-time  collaboration.  Firms  that  are 
moving  aggressively  forward  with  KTC  tend 
toward  the  bleeding  edge,  particularly  con¬ 
sulting  and  professional  services  firms  that 
view  individual  productivity  as  a  competi¬ 
tive  advantage.  But  watch  for  this  to 
change  rapidly  over  the  next  12  to  18 
months,  as  these  technologies  become 
more  mainstream. 

The  bottom  line?  Thoroughly  under¬ 
standing  your  organization’s  IT  culture  lets 
you  effectively  prioritize  your  firm’s  strate¬ 
gic  technology  planning. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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TECHMtHDCY  UPDATE 

AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 

Technology  corrects  packet  errors 


HOW  IT  WORKS:  Forward  error  correction 

Forward  error  correction  mitigates  WAN  packet  loss  to  boost  application 
performance.  q 
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Packets  are  sent  across  a 


B  Network  congestion  occurs. 


B  Based  on  the  level  of  congestion,  a  forward  error  correction  packet  is  sent  for  every  N  real  packets. 
This  packet  contains  information  that  can  be  used  to  reconstruct  missing  packets. 

□  Forward  error  correction  packets  replace  lost  packets  at  the  far  end,  eliminating  the  need  to 
retransmit  lost  data. 


BY  DAVID  HUGHES 

Forward  error  correction  has  long  been 
widely  deployed  at  the  physical-link  layer 
in  conjunction  with  advanced  line-coding 
schemes.These  techniques  check  and  cor¬ 
rect  bit  errors  on  WAN  links  to  ensure  that 
upper-layer  protocols  receive  error-free 
datagrams. 

But  even  when  a  network’s  physical  link 
is  free  from  bit  errors,  packets  may  still  get 
dropped  in  transit  on  WAN  links  because 
of  queue  overflows  in  oversubscribed  net¬ 
works.  For  example,  it  is  common  to  see 
several  portions  of  the  Internet  experienc¬ 
ing  2%  to  3%  packet  loss  at  any  given  time. 

Packet-level  FEC  works  by  adding  anoth¬ 
er  error-recovery  packet  for  every  N  pack¬ 
ets  that  are  sent.  This  FEC  packet  contains 
information  that  can  be  used  to  recon¬ 
struct  any  single  packet  within  the  group 
of  N.  If  one  of  these  N  packets  happens  to 
be  lost  during  transfer  across  the  WAN,  the 
FEC  packet  is  used  on  the  far  end  of  the 
WAN  link  to  reconstitute  the  lost  packet. 
This  eliminates  the  need  to  retransmit  the 
lost  packet  across  the  WAN,  which  dramat¬ 
ically  reduces  application  response  time 


Got  great  ideas? 


■  Network  World  's  looking  for  great  ideas 
for  future  Tech  Updates.  If  you've  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Senior  Managing  Editor,  Features 

Amy  Schurr  (aschurr@nww.com). 


and  improves  WAN  efficiency 

Packet-level  FEC  is  an  important  tool  for 
enterprises  looking  to  deliver  business- 
critical  applications  across  a  distributed 
WAN.  It  is  increasingly  being  implement¬ 
ed  as  part  of  symmetric  application- 
acceleration  solutions.  The  functionality 
is  incorporated  in  application-accelera¬ 
tion  appliances  that  are  deployed  on 
both  ends  of  a  WAN  link  to  improve  appli¬ 
cation  delivery  through  a  combination  of 
data  reduction,  local-instance  storage 
and  delivery,  compression,  protocol 
acceleration  and  QoS. 

FEC  works  best  on  a  high-rate  aggregate 
flow,  rather  than  on  individual  flows.  As  a 
result,  it  is  best  implemented  in  environ¬ 
ments  that  use  tunnels  or  aggregated 
flows  when  transferring  traffic  across  a 
WAN.  In  addition,  an  ideal  FEC  imple¬ 
mentation  will  adapt  the  amount  of  over¬ 
head  to  accommodate  changing  WAN 
conditions. 

With  adaptive  FEC,  if  a  tunnel  is  experi¬ 
encing  no  loss,  FEC  is  disabled  and  no 
overhead  is  incurred.When  loss  is  detected 
(because  of  a  network  event  or  during  peri¬ 
ods  of  congestion),  FEC  automatically  steps 
in,  reducing  loss  by  an  order  of  magnitude 
or  more  —  from  several  percent  down  to  a 
fraction  of  a  percent,  in  certain  instances.  In 
doing  so,  application-level  throughput  dur¬ 
ing  periods  of  network  congestion  is  boost¬ 
ed  by  a  similar  amount.The  FEC  ratio  (ratio 
of  error-recovery  packets  to  data  packets)  is 
adjusted  dynamically  to  ensure  that  the 
performance  is  maximized  while  overhead 
is  kept  at  a  minimum. 


When  implemented  properly,  packet- 
level  FEC  provides  a  significant  increase 
in  application  performance  under  a  wide 
range  of  network  conditions.  For  example, 
in  an  average  sampling  across  live  enter¬ 
prise  networks,  it  takes  approximately  85 
seconds  to  download  a  very  large  file 
across  a  10M  bit/sec  WAN  link  with  3% 
packet  loss  and  no  FEC.  When  adaptive 
FEC  is  enabled  on  the  same  type  of  link 
(keeping  all  other  parameters  the  same), 
the  identical  file  is  transferred  in  approxi¬ 
mately  5  seconds.  In  this  scenario,  FEC 


provides  a  17x  improvement  in  applica¬ 
tion-response  time. 

By  providing  an  order-of-magnitude  per¬ 
formance  improvement  in  WAN  environ¬ 
ments  with  high  packet  loss,  FEC  is  indis¬ 
pensable  to  companies  that  are  delivering 
business-critical  applications  to  remote 
and  branch  offices  using  centralized 
servers  and  storage  infrastructure. 

Hughes  is  CTO  and  founder  of  Silver 
Peak.  He  can  be  reached  at  dhughes@ 
silver-peak.com. 


Ask  Dr.  Internet  By  Steve  Blass 


Can  I  build  a  form  in  Macromedia  Flash  and 
post  submissions  back  to  a  standard  Web 
server  form-handler? 

Yes,  the  Flash  Professional  version  can  post  form 
submissions  to  a  plain  old  Web  server,  as  well  as  to  a 
Cold  Fusion  or  ASP  server.  To  create  a  form,  choose 
the  Flash  Form  Application  item  in  the  Create  New 
menu  item  when  you  launch  Flash.  Expand  the 
Components  pane  in  the  Flash  workbench.  Build  your 
form  layout  using  the  Ul  Components  in  the 
Components  pane  by  dragging  and  dropping  selected 


elements  onto  the  stage.  After  laying  out  the  compo¬ 
nents,  use  the  Properties  Inspector  (in  the  Window 
menu)  to  set  your  form  element  parameters,  such  as 
label  text  and  field  names.  Component  properties  and 
behaviors  can  be  customized  using  Action  Script  as 
needed.  The  Flash  forms  tutorial  on  the  Macromedia 
Web  site  has  examples  for  behaviors,  such  as  clear¬ 
ing  all  the  form  fields  at  the  click  of  a  Reset  button. 

After  configuring  all  the  user  interface  data-entry 
components,  you  need  to  provide  an  Action  Script 
for  gathering  the  data,  submitting  the  form  and  dis¬ 
playing  the  appropriate  response,  based  on  the  serv¬ 


er  reply  to  the  form  submission.  The  Action  Script 
language  in  Flash  is  an  ECMAScript-based  language 
similar  to  JavaScript.  Examples  are  provided  in  the 
tutorial. 

After  working  through  the  tutorial,  you  should  be 
able  to  build  forms  directly  into  Flash  presentations 
that  can  post  data  back  to  the  Web  server  technology 
that  you  already  use. 

Blass  is  a  network  architect  at  Changc@Work  in 
Houston.  He  can  be  reached  at  dr.interriet@changeat 
work.  com. 
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Book  reviews  and  virtualization 


Seeing  that  Thanksgiving  has  just 
shot  past  us,  leaving  us  with  an 
expanded  waistline,  we  need  to  slim 
down  in  time  for  packing  on  the 
pounds  at  Christmas. 

Unfortunately  there  is  little  in  the 
Gearhead  universe  that  will  give  you 
much  more  than  a  serious  mental 
workout,  unless  you  count  racking 
up  computer  gear  and  unpacking 
boxes  as  exercise.  Be  that  as  it  may 
this  week  we  have  two  topics  on  our 
minds:  books  and  virtualization. 

First  up,  books.  Over  the  last  few  weeks  we  have  got  our 
hands  on  some  books  you  need  to  get  your  hands  on. 

Our  first  pick  is  The  TCP/IP  Guide  by  Charles  Kozierok 
(No  Starch  Press). Weighing  in  with  an  impressive  count  of 
1 ,539  pages  (we  hung  on  every  word),  this  book  is  the  most 
comprehensive  guide  to  TCP/IP  protocols  we  have  ever 
come  across.  It  also  is  the  most  readable.This  is  a  book  that 
will  be  staying  on  our  shelves,  and  we  highly  recommend 
it.  Actually,  if  you  want  a  workout,  just  try  lifting  this  volume 
at  arm’s  length  a  few  times.  (Buy  it  here  at  www.network 
world.com,  DocFinder:  9840). 

Next,  consider  The  Debian  System  by  Martin  Krafft  (No 
Starch  Press).  At  650  pages,  this  hefty  tome,  subtitled 
Concepts  and  Techniques,  is  not  quite  in  the  same  league  as 
our  last  pick,  but  is  remarkable  for  providing  a  much  larger 
view  of  the  Debian  Linux  distro  than  any  book  we’ve  seen. 
(Buy  it  at  DocFinder:  9841). 


Debian  is  the  basis  of  several  other  distros,  including 
Knoppix  (discussed  in  Gearhead  in  “More  VMware  intri¬ 
cacies,”  DocFinder:  9842),  Ubuntu  (www.ubuntulinux. 
org/),  and  Xandros  (www.xandros.com/).  As  the  book 
explains,  Debian  is  one  of  the  most  organized  and  disci¬ 
plined  open  source  development  projects  around. 

This  book  is  unusual  in  that  it  is  much  more  than  a  tech¬ 
nical  discussion  —  it  delves  into  the  philosophy  of  the  sys¬ 
tem,  explains  how  someone  becomes  a  recognized  Debian 
developer  and  details  the  way  that  Debian  is  licensed. 

We  have  two  topics  on  our 
minds:  books  and  virtualization. 

That’s  not  to  say  the  book  doesn’t  get  technical.  It  pro¬ 
vides  a  very  well-written,  soup-to-nuts  explanation  of  how 
Debian  is  organized;  how  to  install,  configure  and  modify 
the  system;  and  how  to  administer  and  secure  it.  Excellent 
and  highly  recommended. 

Our  next  book  is  back  to  a  topic  that  we  discussed  in 
Gearhead  and  in  Backspin:  virtualization.  Virtualization : 
From  the  Desktop  to  the  Enterprise  by  Chris  Wolf  and  Erik  M. 
Halter  (Apress)  covers  a  large  chunk  of  the  commercial  vir¬ 
tual  machine  market,  including  Microsoft  Virtual  PC  and 
Virtual  Server  and  all  of  the  VMware  products.  (Buy  it  at 
DocFinder:  9843). 

The  subtitle  is  accurate  in  that  the  book  does  span  the  ter¬ 
ritory  from  the  desktop  to  the  enterprise  and  details  instal¬ 


lation,  configuration  and  management  of  virtualization 
products.  As  for  the  enterprise  end,  there  are  chapters  on 
using  virtual  file  systems,  building  failover  and  load-bal¬ 
anced  clusters,  and  virtualizing  storage. 

What  we  particularly  like  about  Virtualization  is  that  it  is 
detailed  and  contains  lots  of  information  that  comple¬ 
ments  the  documentation  of  the  products. This  book  leads 
us  to  our  second  topic:  virtualization,  specifically  VMware’s 
VMware  Player. The  VMware  Player  is  essentially  a  run-time 
forVMs  and  works  under  Windows  and  Linux.  As  was  noted 
in  Gibbsblog  in  October  when  it  was  released:  “Crucially 
this  isn’t  just  for  [VMware’s]  own  VMs,but  also  forVMs  cre¬ 
ated  with  Microsoft’s  own  virtual  machine  environment, 
Virtual  PC  [and  Virtual  Server]  as  well  as  Symantec 
LiveState  Recovery  disk  formats.” 

Amazingly  the  Player  is  free. The  player  won’t  create  VMs, 
but  it  will  run  prebuilt  ones.  A  number  are  available  at 
www.vmware.com/vmtn/vm/. 

Among  the  VMware-provided  VMs  are  Novell  SuSE  Linux 
Enterprise  Server  9,  Novell  Linux  Desktop  9  Virtual 
Development  Environments,  Red  Hat  Linux  Virtual  De¬ 
velopment  Environment,  IBM  Workplace  Express,  BEA 
Weblogic,  MySQL  Workplace,  Oracle  lOg,  SpikeSource 
Core  Stack  (SuSE/Fedora  Core  3  with  a  fully  integrated 
LAMP  Stack  and  more  than  50  integrated  components 
and  utilities)  and  the  Browser  Appliance. 

We'll  tell  you  more  next  week.  Tell  us  what's  up  at  gear- 
head@gibbs.com  and  check  Gibbsblog  (www. network- 
world.  com/ weblogs/ gibbsblog/). 


GEARHEAD 


INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


Attend  to  the  tale  of  two  monitors,  one  filled  with  features  galore 
and  a  whiz-bang  widescreen  size,  the  other  a  simple,  square,  basic 
fellow. 

The  scoop:  FPD2185W  TFT  LCD  moni¬ 
tor,  about  $600,  by  Gateway. 

What  it  is:  A  high-definition,  21-inch,  flat- 
panel  LCD  monitor,  the  21 85W  lets  you  dis¬ 
play  two  letter-sized  documents  next  to 
each  other  without  having  to  toggle 
between  applications  or  documents.  The 
screen  also  can  rotate  90  degrees  into  por¬ 
trait  mode,  making  Web  sites  display  verti¬ 
cally,  requiring  less  scrolling.  Multiple 
inputs,  including  analog  (VGA),  digital 
(DVI-D),  composite  video,  S-Video  and 
component  video,  let  users  connect  multiple  devices 
to  the  monitor.  A  picture-in-picture  swap  function 
lets  you  hit  a  “swap”  button  and  switch  between  two 
video  sources.  The  monitor  has  a  1,680-  by  1,050- 
pixel  resolution, a  1,000-to-l  contrast  ratio,  300  nits  of 
brightness  and  support  for  more  than  16.7  million 
colors.  A  height-adjustable  stand  lets  you  set  up  the 
proper  angle  for  viewing  easily  and  an  optional 
speaker  bar  can  be  attached  to  provide  sound  for 
systems  that  don’t  have  speakers. 

Why  it’s  cool:  The  21-inch  widescreen  display  will  make  you  feel  like  the  king 
of  the  office  —  but  you  also  may  find  that  working  with  documents  in  which  you 


Gateway's  21 -inch  flat-panel 
monitor  can  rotate  90 
degrees. 


can  put  two  of  them  on  the  screen  without  toggling  between  them  might  win  you 
some  productivity  points.  Of  course,  it  doesn’t  hurt  that  watching  a  DVD  movie  on 
this  widescreen  display  is  a  nice  bonus.  Rotating  the  display  to  show  a  vertical 
Web  page  or  to  display  a  long,  vertical  document  also  is  nice. 

I’m  always  a  big  fan  of  monitors  that  have  multiple  inputs  that  let  you  attach  non¬ 
computer  devices,  such  as  a  DVD  player  and  gaming  console,  so  I  wasn’t  disap¬ 
pointed  with  the  options  and  inputs  offered  by  the  2185W 1  happily  removed  my 
old  CRT  monstrosity  from  my  desk  and  replaced  it  with  this  sleek,  new  monitor. 

Some  caveats:  Unfortunately,  my  production  notebook  didn’t  support  the  moni¬ 
tor’s  1,680  by  1,050  native  resolution,  so  when  I  connected  it  to  the  monitor  every¬ 
thing  looked  stretched  out. 

Grade:  -k-kirki 


Shaw  can  be  reached  at  kshaw@nww.com. 


The  scoop:  FP71G+  LCD  monitor,  about  $330,  by  BenQ. 

What  it  is:  A  flat-panel  monitor  stripped  of  fancy  features;  the  FPG71G+  still  pro¬ 
vides  a  17-inch  display  in  a  sleek,  yet  basic,  package.  The  monitor  includes  an  8 
millisec  response  time,  a  500-to-l  contrast  ratio  and  300  nits  of  brightness. There  is 
only  a  VGA  connection  for  a  computer;  there  are  no  DVI-D  inputs,  composite  or 
component  inputs  —  a  basic,  black  LCD  monitor. 

Why  it’s  cool:  Aha!  You  may  think  that  my  snobbery  for  fancy  features  and  mul¬ 
tiple  inputs  would  disqualify  this  monitor  as  a  “Cool  Tool.”  But  after  not  being  able 
to  connect  the  Gateway  widescreen  up  to  my  existing  (ahem,  old)  notebook,  1 
needed  to  find  a  basic  monitor  that  would  prevent  me  from  having  to  lug  the  CRT 
monitor  back  onto  my  desk. The  FPG71G+  fit  the  bill  nicely  For  most  of  my  daily 
work  routines,  the  monitor  gave  me  a  sharper  image  (1,280  by  1,024  resolution) 
than  my  old  CRT  (1,024  by  768). 

Some  caveats:  No  whiz-bang  video  inputs  meant  I  couldn’t  hook  up  six  devices 
to  the  monitor,  such  as  a  gaming  console,  DVD  player  and  other  fun  equipment. 

Grade:  ★★★★ 


Simplify  your  I.  T.  and  your  business.  IBM  servers  and  storage  are  designed  to 
help  you  do  just  that.  Take  the  IBM  TotalStorage ®  DS4100  Express  with  DACstore. 

It  can  help  you  reconfigure  or  add  capacity  while  staying  up  and  running. 

No  need  to  stop  to  reset  drives. 

Because  with  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers, 
storage  and  printers.  What’s  more,  you  can  keep  your  technologies  current 
while  helping  to  reduce  costs  -  through  IBM  Global  Financing. 

All  things  considered,  an  I.  T.  hero  deserves  nothing  less. 

MEET  3  HEROES  IN  THE  BATTLE  AGAINST  1.1  COMPLEXITY. 

YOU’RE  THE  4TH. 


IBM  TotalStorage  DS4100  Express 

Ships  with  1.25TB1 

DACstore  for  configuration  metadata 
3.5TB  with  1  controller;  28TB  with  2'' 

Limited  warranty;  1  year  on-site2 

From  $7,349* 

(Other  configurations  as  low  as  $6,599) 

IBM  Financing  Advantage 
Only  $206/mo.3 
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IBM  eServer  OpenPower  720  Express 

Built  on  IBM  POWER5,M  technology 
and  tuned  for  Linux* 
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2-  or  4-way  64-bit,  rack  or  tower  models 

Up  to  8GB  of  memory,  disk  capacity 
up  to  1.1TB1 

Optional  Advanced  Virtualization  features 

DB2*  Express  Discover  CD 

Limited  warranty:  up  to  3  years  on-site2 
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IBM  TotalStorage  3580  Express 

Helps  protect  LTO™  investment 

Built  on  Ultrium™  3  technology 

Read/write  compatible  with  Ultrium  2  drives 
-  read  compatible  with  Ultrium  1  drives 

Up  to  800GB  cartridge  physical  capacity 
with  2:1  compression1 

Limited  warranty:  3  years  on-site2 


From  $5,850* 


From  $9,774* 

IBM  Financing  Advantage 
Only  $273/mo. 


IBM  Financing  Advantage 

Only  $1 64/mo.3 


Learn  more  about 
our  full  range  of 
IBM  Express  products 
and  find  the 
IBM  Business  Partner 
near  you. 


ibm.com/ 

systems/innovate2 


1  800-IBM-7777 

mention  104CE05A 


’All  prices  stated  are  IBM's  estimated  retail  selling  prices  as  of  September  13, 2005.  Prices  may  vary  according  to  configuration  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are 
subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  1 .  Denotes  raw  storage  capacity. 
Usable  capacity  may  be  less.  2.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty 
is  available  only  for  selected  components.  3.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and 
government  customers.  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  factors.  Lease  offer  provided  is  based  on  a  FMV  lease  of  36  monthly  payments.  Othc 
restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  IBM,  the  IBM  logo,  eServer.TotalStorage,  OpenPower,  P0WER5  and  DB2  are  trademarks  or  registered  trademarks 
of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  trademark  of  Linus  Torvalds  in  the  United  States  and  other  countries.  LTO  and  Ultrium  are  trademarks  of  Certana. 
HP  and  I8M  in  the  U.S.  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved. 
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The  give-and-take 
of  tech  advice 


There’s  a  reason  birds-of-a-feather  gatherings  draw  such 
interest  at  industry  conferences  and  case  studies  are 
popular  stories  among  Network  World  readers:  Pfeople 
like  to  learn  from  their  peers. 

In  that  spirit,  we’ve  interviewed  many  of  your  counterparts 
over  the  past  two  months  and  assembled  a  package  of  sto¬ 
ries  for  this  issue  to  share  the  wisdom. 

For  example,  Mark  Bruhn,  Indiana  University’s  acting  associ¬ 
ate  vice  president  for  telecommunications  in  Indianapolis, 
found  the  best  way  to  secure  his  wireless  network,  which 
supports  thousands  of  student 
devices,  was  to  set  aside  Wired 
Equivalent  Privacy  technology  in 
favor  of  a  set  of  VPN  servers  that 
require  end  users  to  input  a  net¬ 
work  ID  and  password  to  authen¬ 
ticate  themselves. 

David  Giambruno,  director  of 
strategic  infrastructure  and  securi¬ 
ty  for  Pitney  Bowes  in  Stamford, 

Conn., shares  advice  on  how  to 
approach  patch  management. 

Instead  of  trying  to  tackle  every¬ 
thing  in  one  fell  swoop,  take  an 
inventory  of  what  you  have,  determine  what  can  and  cannot 
be  patched,  and  be  sure  to  document  all  this  for  upper  man¬ 
agement.  If  you  don’t  have  documentation, “You  are  the  sacri¬ 
ficial  lamb,”  he  says. 

When  considering  network  overhauls,  Richard  Glasberg, 
director  of  enterprise  communications  for  the  common¬ 
wealth  of  Massachusetts,  says  the  life  expectancy  of  net¬ 
work  gear  is  typically  three  to  five  years,  and  the  trick  is  to 
time  upgrades  so  you  maximize  ROI  while  still  acting  in  a 
timely  enough  fashion  to  reap  vendor  upgrade  credits. 

Some  network  managers  are  big  on  the  many  freeware  and 
open  source  options  available.  Rick  Beebe,  manager  of  sys¬ 
tem  and  network  engineering  for  ITS-Med  at  Yale  University 
School  of  Medicine  in  New  Haven,  Conn., says, “I  have  the 
budget  to  invest  in  tools  i  need,  but  if  I  find  it  in  freeware, 
why  spend  the  money?” 

As  for  me,  the  best  advice  1  ever  got  followed  a  particular¬ 
ly  grueling  edit  of  a  story  1  wrote  for  Network  World. 
“Understand  the  connections,”!  was  instructed. Since  then, I 
have  made  it  my  primary  mission  to  know  front  to  back  the 
links  between  routers  and  switches, servers  and  clients,  IT 
shops  and  their  users,  IT  buyers  and  their  vendors  —  and 
perhaps  most  important,  the  connection  between  Network 
World  and  you,  the  reader. 


TAKE  QUR  ADVICE: 


TOP  TIPS 

FOR  NETWORK  EXECS 

■I  Starts  nn  rmnp.  4fl  Hi 


—  Denise  Dubie 
Senior  Editor 
ddubie@nww.  com 
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Vision  quest 

1  thoroughly  enjoyed  Daniel  Briere’s  column 
“Where’s  Walt  Disney  when  you  need  him?”  (www. 
networkworld.com,  DocFinder:  9926).  I  grew  up 
among  visionaries  like  Disney;  they’re  the  reason  I 
became  an  engineer.  Engineering  was  a  daring, 
visionary  profession  that  made  the  future  a  reality 
Today,  there  is  no  vision,  no  daring;  only  the  immedi¬ 
ate  bottom  line.A  while  back, engineers  ran  the  great 
technology  companies  in  the  United  States.  Now 
accountants  run  them  and  try  to  impose  the  rules  of 
accounting  all  the  way  down  to  the  lowly  line  engi¬ 
neer,  stifling  any  sense  of  innovation.  Any  innovative 
idea  must  fit  precisely  into  the  process  plan  only  at 
the  appointed  time. 

This  mind-set  is  rippling  down  throughout  our  cul¬ 
ture  and  government. Everything  is  about  immediate 
gratification.  Nowhere  do  you  see  commitment, 
strategic  thinking,  long-term  investment,  basic  re¬ 
search  or  innovation.  If  this  trend  doesn’t  turn 
around,  we  will  soon  take  a  technological  back  seat 
to  the  rest  of  the  world. 

Jonathan  Hujsak 
San  Diego 

Fond  memories  of  Fore 

Thanks  to  JohnaTill  Johnson  for  her  column  “A  fond 
farewell  to  Fore  Systems”  (DocFinder:  9927).  I 
worked  there  for  almost  five  years  as  a  quality-assur¬ 
ance  engineer.  In  QA,  we  did  our  very  best  to  “break 
stuff,”  but  it  wasn’t  easy;  as  Johnson  states,  the  gear 
was  rock-solid.  We  took  great  pride  in  our  work. 

We  thought  of  ourselves  as  extended  family  —  so 
much  so  that  last  year  more  than  2,000  former  Fore 
employees  attended  a  reunion  at  Heinz  Field  in 
Pittsburgh.  We  rented  out  the  banquet  facilities  so 
that  we  could  toast  the  “little  company  that  could  . . . 


and  did”  at  midnight  on  04/04/04.  We  continue  to 
stay  in  touch  with  one  another,  have  an  alumni  Web 
site  and  mailing  lists  for  our  own  “Fore  network.”  I 
challenge  you  to  find  another  company  that  has  that 
kind  of  loyalty 

We  don’t  live  in  the  past,  but  rather  use  our  experi¬ 
ences  at  Fore  to  remember  what  an  ideal  work  envi¬ 
ronment  was. We  had  a  reputation  for  being  a  group 
of  twenty-something  party  animals  who  played  foos- 
ball,  had  catered  Friday  happy  hours  and  slept  in 
hammocks.  We  did  do  that,  but  we  also  worked  our 
behinds  off.  Fore’s  work  philosophy  was  one  of  self- 
governance.  There  were  no  set  work  hours.  1  worked 
with  people  who  would  come  in  at  noon  and  peo¬ 
ple  who  came  in  at  4  a.m.Everyone  received  stock 
options,  even  the  admins  and  mail  clerks. 

We  had  a  full  gym  and  a  cafeteria  that  had  high- 
chairs  for  the  little  ones.  Babies  and  toddlers  were 
welcome  during  the  day  although  not  at  meetings.  I 
had  lunch  with  my  wife  and  son  two  or  three  times 
a  week.  I’d  change  his  diapers  in  my  office,  while  my 
boss  and  I  were  having  development  conversations. 

I’ll  leave  you  with  the  standard  demo  that  would 
usually  close  a  deal  for  us.  We  would  start  streaming 
“Top  Gun”  across  an  array  of  switches  to  multiple 
PCs  and  workstations.  Then  one  by  one,  we  would 
remove  the  redundant  network  cards,  redundant 
power  supplies  and  finally  the  dual  processor  cards 
that  contained  the  CPUs.  At  this  point  all  that  was  left 
was  a  single  network  card  in  each  switch  with  the 
fiber  connections  stringing  across  the  array  of  gutted 
switches  with  90%  of  everything  removed,  piled  on 
the  floor  —  and  nobody  ever  saw  a  frame  of  the 
movie  skip. 

Michael  Kurzawa 
Oakmont,  Pa. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 1 8  Turnpike  Road,  Southborough.  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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SOX  WATCH 
Michael  Kamens 


ABOVE  THE  CLOUD 
James  Kobielus 


Tips  toward  surviving  a  SOX  audit 


Just  the  mention  of  a  Sarbanes-Oxley  audit 
provokes  horror  stories  of  inordinate  time 
spent  providing  evidence;  complying  with 
written  policies,  procedures  and  guidelines;  and 
attending  countless  meetings.  Sorry  to  say  but  life 
is  not  going  to  get  easier  until  you  make  SOX  a 
part  of  your  daily  routine  and  take  an  active  role 
in  the  entire  audit  process. 

In  more  than  70  IT  security  audits  and  three 
full-scale  SOX  engagements  at  Fortune  100,  500 
and  1000  companies  since  2002,  1  have  wit¬ 
nessed  both  the  best  and  worst  practices  and 
approaches  to  compliance.  Why  is  it  that  so 
many  educated,  driven  individuals  seem  unable 
to  use  the  numerous,  readily  available  sources  of 
data  to  stand  up  and  challenge  the  interpreta¬ 
tions  of  SOX  to  which  they  are  subjected? 
Instead,  they  blindly  accept  the  mandates  set 
forth  by  the  very  people  who  have  a  vested 
financial  interest  in  how  the  SOX  audit  is  run. 

Some  knowledgeable  external  auditors  have 
eliminated  many  controls  that  had  to  be  satisfied 
last  year. They  made  these  changes  after  realizing 
their  understanding  of  SOX  should  change  to  be 
more  closely  in  line  with  the  intent  of  the  law. 
Other  auditors  are  unwilling  to  modify  the  audit 


controls  they  consider  critical.  Often  there  is  a 
direct  correlation  between  this  inflexibility  and 
lack  of  real-world,  hands-on  experience. 

Unless  you  and  your  company’s  audit  group 
have  a  full  understanding  of  SOX,  you  won’t  be 
able  to  question  the  external  auditors’ template  of 
what  they  expect.  The  Web  sites  of  the  Infor¬ 
mation  Systems  Audit  and  Control  Association 
(www.isaca.org),  Institute  of  Internal  Auditors 

Life  is  not  going  to  get 
easier  until  you  make  SOX 
a  part  of  your  daily  routine. 

(www.iia.com)  and  Public  Company  Accounting 
Oversight  Board  (www.pcaob.com)  offer  a 
wealth  of  information  about  SOX. 

There  are  six  major  SOX  pitfalls  you’re  likely  to 
encounter: 

•  Too  many  controls  selected  to  meet  compli¬ 
ance.  You  can  reduce  these  by  having  an  educat¬ 
ed  understanding  of  what  the  actual  law  asks  for. 

•  Lack  of  documented  policies,  procedures  and 
guidelines;  poorly  drafted  control  activities  and 
poorly  documented  test  procedures. 


•  Lack  of  an  organized  internal  audit-team 
structure.  Your  company  needs  financial  and  IT 
auditors,  or  you  face  seeking  out  consultants  on 
the  fly  without  verifying  their  capabilities. 

•  Failures  discovered  during  the  initial  audit  but 
not  remedied. The  additional  time  required  to  fix 
these  problems  increases  audit  costs. 

•  Insufficient  or  missing  evidence. You  and  your 
auditors  must  agree  as  to  whether  your  evidence 
controls  are  satisfactory  Keep  evidence  in  one 
place,  properly  cataloged  for  easy  access. 

•  No  correlation  between  control  activities  and 
risks.  You  cannot  take  the  verbiage  of  a  control 
activity  and  make  it  fit  the  risk;  you  must  take  the 
time  to  ensure  you  have  satisfied  its  intent. 

In  general,  SOX  pitfalls  can  be  avoided  through 
knowledge,  an  organized  team  managed  by  a 
senior  executive  authorized  to  implement  the 
necessary  mandates,  detailed  explanations  of  the 
controls  and  the  tests  required  to  satisfy  them, and 
buy-in  from  the  entire  company 

Kamens  has  a  law  degree  and  is  a  certified  infor¬ 
mation  security  manager  and  independent  IT 
security  /SOX  auditor.  He  can  be  reached  at  mike@ 
kamens.org. 


Clients  virtualize  beyond  recognition 


Client  virtualization  is  an  underlying  theme  in 
many  recent  industry  announcements.  In 
virtualization,  the  external  interface  of  every 
service  becomes  unmoored  from  its  implementa¬ 
tion  in  particular  physical  platforms,  operating 
systems,  application  frameworks  and  software 
components.  Essentially  a  client  becomes  virtual¬ 
ized  when  its  GUI  grows  abstracted  from  the 
resources  of  the  local  access  device,  be  it  a  PC, 
handheld  or  other  computer.  The  virtualized 
client  may  rely  on  both  local  and  remote  network 
resources  to  render  its  interface,  furnish  its  pro¬ 
cessing  power,  store  its  data,  route  its  print  jobs 
and  handle  other  core  client  functions.  Users 
remain  blissfully  unaware  of  what  blend  of  dis¬ 
tributed  resources  is  actually  driving  their  presen¬ 
tation  experience. 

Vendors  are  avidly  exploring  ways  to  virtualize 
client  environments.  Take  Microsoft  Windows 
Vista,  for  example.  In  the  long,  tortured  ramp-up  to 
the  release  of  this  client  operating  system,  Micro¬ 
soft  has  removed  most  of  the  new  functional 
components  —  including  security  and  file-system 
enhancements  —  that  were  supposed  to  make 
Vista  worth  waiting  for.  What’s  primarily  left  is  a 
client  virtualization  technology  called  Windows 
Presentation  Foundation  (WPF), which  allows  the 
Windows  GUI  to  be  dynamically  rendered,  tai¬ 
lored  and  customized  by  applications,  in  keeping 
with  a  declarative  markup  syntax  called 
Extensible  Application  Markup  Language 
(XAML).  Essentially,  WPF/XAML  enables  a  virtual¬ 
ized  separation  of  the  Windows  presentation 
interface  from  the  underlying  application  code. 
Microsoft  has  even  decoupled  WPF/XAML  from 


Vista,  taking  the  Windows  platform  another  step 
down  the  road  to  total  virtualization.  WPF/XAML 
—  and  all  Vista  features  —  also  will  be  made 
available  as  retrofits  for  legacy  Windows  operating 
systems,  including  XP  and  Server  2003.  Essentially 
this  new  technology  will  become  the  virtualized 
presentation  layer  to  all  Windows  versions. 

There’s  even  more  to  Microsoft’s  client  virtual¬ 
ization  story.  Earlier  this  month,  Microsoft 
announced  its  Windows  Live  strategy,  under 
which  operating  system  and  application  features 
will  be  provided  as  hosted  software  as  a  service. 
Essentially  Live  is  aimed  at  making  free  Microsoft- 
hosted  services  —  such  as  e-mail,  instant  messag- 

Virtualization  is 
transforming  client-side 
computing. 

ing,  search,  file  sharing, VolPsoftware  delivery  and 
RSS  aggregation  —  integral  to  Microsoft’s  not-free 
client  software.  When  the  client  operating  system 
goes  “live,”  per  Microsoft’s  strategy  it  blurs  the  prac¬ 
tical  boundary  between  those  functions  the  client 
performs  from  local  resources  and  those  it  relies 
on  the  service  fabric  to  accomplish. 

But  let’s  not  give  Microsoft  all  the  credit  for  the 
trend  toward  client  virtualization.  Enriched 
browsers  of  all  varieties  —  including  Macromedia 
Rash  and  other  vendors’  plug-ins  —  are  blurring 
the  practical  distinction  between  clients  and 
servers  even  further.  Enriched  browsers  such  as 
those  supporting  Asynchronous  JavaScript  +  XML 
(AJAX)  deliver  a  more  GUI-like  user  experience 


than  a  basic  browser.  AJAX-capable  browsers, 
such  as  Internet  Explorer  and  Firefox, shift  the  pre¬ 
sentation  emphasis  away  from  downloading  indi¬ 
vidual  Web  pages  toward  navigating  within  richer, 
structured,  client-side  content  caches.  The  en¬ 
riched  browser  can  execute  more  application 
logic,  cache  more  content  and  perform  more  ren¬ 
dering  locally  than  a  basic  browser.  And  it 
offloads  some  or  all  of  these  functions  from  por¬ 
tals,  Web  sites  and  other  presentation  servers. 

The  offloading  can  go  both  ways,  of  course: 
Most  of  the  processing  power  of  PCs  can  be  cen¬ 
tralized  into  server  chassis,  per  the  network  PC 
approach  first  introduced  in  the  late  1990s.  A  new 
twist  on  that  approach  —  the  blade  PC  —  is  the 
most  important  development  in  desktop  man¬ 
agement  in  many  years.  Blades  from  pioneers  HP 
ClearCube  and  IBM  virtualize  desktop  resources 
into  manageable  slices  of  a  server’s  centralized 
resources,  transforming  the  innards  of  each  PC 
into  a  blade  that  can  be  installed  in  a  server  chas- 
sis.The  user  relies  on  a  thin-client  windowing  pro¬ 
tocol  such  as  Citrix’s  Independent  Computing 
Architecture  to  interface  remotely  to  what  is, 
essentially  a  full-featured  dedicated  PC. 

Clearly,  virtualization  is  transforming  client-side 
computing  beyond  all  recognition.  The  presenta¬ 
tion  tier  is  blurring  into  the  application-server, 
middleware  and  networking  infrastructures. 

Kobielus  is  a  senior  technical  systems  analyst  at 
Exostar,  a  business-to-business  trading  exchange 
serving  the  aerospace  and  defense  industry.  He 
can  be  reached  at  (703)  924-6225  or  james_ 
kobielus@hotmail.  com. 
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What  works  and  why 


Ep  IT  experts  offer  their  advice  on  top 
technologies  including  VoIP,  patching, 
WAN  services,  SOA,  security.  Page  44. 
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Network  professionals,  industry  watchers 


■  BY  DENISE  DUBIE  AND  JIM  DUFFY 


S  ADVICE  COLUMNIST  ANN  LANDERS  ONCE  WROTE, 
“Know  when  to  tune  out.  If  you  listen  to  too  much  advice,  you 
may  wind  up  making  other  peoples  mistakes.” 

In  the  network  world,  Landers’  notion  is  well-heeded.The 
trick,  of  course  is  deciding  which  advice  can  make  your  life 


When  to  upgrade 

Insiders  share  their  experiences  about 
equipment  life  cycles.  Page  49. 


easier  and  which  could  derail  your  career. 

Network  World  took  an  informal  poll  of  our  readers,  network  execu- 


Something  for  nothing 

Where  to  find  and  how  to  take  advan¬ 
tage  of  freeware  and  open  source 
applications.  Page  51. 


tives  and  others  to  find  out  what  was  the  best  advice  they  ever  received 
and  what  they  did  with  it.  Not  surprisingly  the  results  show  that  the  best 
advice  is  to  learn  about  what  goes  on  in  your  IT  shop,  being  open  to  its 
rapidly  changing  nature  and  understanding  how  networks  are  the 


Indiana  University  goes  wireless 


backbone  of  business.  It  also  doesn’t  hurt  if  you  can  solve  technology 


H  University  network  exec  shares  experi- 
'  ences  and  challenges  of  rolling  out 
JImP*  mL  wireless  across  two  campuses. 

■KilP  Page  53. 


Taking  charge 

Tips  and  tricks  for  tackling  your 
responsibilities  as  a  manager  of  peo¬ 
ple,  projects  and  vendors.  Page  56. 


The  give  and  take  of  tech  advice 

Page  38. 

More  tips  online  _ 

Share  your  best  advice  stories  with  peers. 
DocFinder:  9945 

Find  more  tips  to  kick  start  your  technology  plans. 
DocFinder:  9943 

Read  more  about  Indiana  U.s  wireless  rollout. 
DocFinder:  9946 

Illustrations  by  Harry  Campbell 


problems,  manage  others  as  a  team  and  keep  customers  happy 


Specifically  the  best  advice  to  get  ahead  in 
the  network  arena  starts  with  the  basics.  Net¬ 
work  executives  say  learning  the  details  of 
networks  and  the  equipment  that  runs  on 
them  will  get  you  far. 

“You  can  never  see  too  many  networks,”  says 
Luis  Henriques,  senior  network  engineer  at 
Coast  Capital  Savings  in  Vancouver,  the  sec¬ 
ond-largest  credit  union  in  Canada. 

When  he  began  his  career,  about  10  years 
ago,  Henriques  saw  the  “one  little  network”  his 
small  company  had  implemented  and 
thought  he  had  seen  it  all  —  until  he  moved 
to  his  next  employer. 

By  the  time  Henriques  was  at  his  third  com¬ 
pany,  his  boss  told  him  to  go  out  and  see  as 
many  networks  as  he  could  so  he  could  ad¬ 
vise  his  employer  about  how  to  implement  its 
own  new  technology“He  said, ‘We  don’t  really 
know  how  this  works,  so  I  want  you  to  go  and 
meet  these  other  companies  and  talk  to  their 
networking  people  and  see  how  they  do 
this’”  Henriques  explains. 

Henriques  says  that  while  he  was  working 
for  a  telecom  service  provider,  the  customers 
showed  him  a  thing  or  two. 


It  s  good  to  step 
outside  and  see  how 

A 

somebody  else  has 
already  implemented 
their  network. 

Luis  Henriques,  senior  network 
engineer,  Coast  Capital  Savings 
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rendcr  executives  share  the  tips  that 


helped  them  get  ahead. 


“Time  passes  by,  technology  changes.That’s  yet 
another  reason  to  keep  seeing  more  networks  . . . 
throughout  your  career,  because  it’s  too  hard  to 
keep  up  with  everything.  Now  and  then  it’s  good  to 
step  outside  and  go  see  how  somebody  else  has 
already  implemented  their  network,”  he  says. 

But  before  examining  networks,  practitioners 
might  immerse  themselves  in  the  basics  of  the 
things  attached  to  the  networks.  Such  as  PCs. 

Craig  Paul, systems  software  analyst  in  the  Appli¬ 
cations  Technology  Group  at  the  Kansas  University 
Computer  Center  in  Lawrence,  says  the  best  advice 
he’s  received  and  would  give  is  to  learn  the  basics 
of  computer  hardware  architectures. 

“Routers  are  essentially  special-purpose  comput¬ 
ers,”  Paul  says.“If  you  study  about  computer  architec¬ 
ture, you  leam  about  I/O  buses  and  things  that  com¬ 
puters  can  do  in  terms  of  memory  and  memory 
protection.  It  also  leads  to  the  realization  that  most 
host  computers  could  be  routers  . . .  and  can  be 
firewalled  even  without  a  firewall.” 

Paul  says  there  are  some  people  he  works  with  — 
even  those  higher  in  the  management  pecking 
order  —  who  have  no  idea  about  internal  comput¬ 
ing  architectures. 

Paul  recalls  a  Java  course  in  which  he  says  the  in¬ 
structor  and  many  students  didn’t  know  such  deep 


details  about  computing  architectures,  such  as 
memory  paging  sizes  and  page-size  restriction.  Paul 
even  volunteered  after  class  to  instruct  the  embar¬ 
rassed  teacher  about  Java  behavior  so  the  instructor 
could  impart  that  knowledge  to  the  class. 

Be  business-sawy 

Even  those  pursuing  the  executive  ranks  should 
become  conversant  in  technology  Learn  to  balance 
technical  acumen  with  business  savvy  says  Larry 
Jarvis,  senior  vice  president  of  network  and  voice 
engineering  for  Fidelity  Investments  in  Boston. 

“I  seem  to  see  consistently  one  of  two  types  of 
executives:  One  is  the  type  that  came  up  through 
the  technology  ranks  and  was  promoted  into  man¬ 
agement  . . .  with  little  to  no  formal  management 
training.  And  then  executives  that  come  out  of 
more  of  the  business-school  side  and  don’t  grasp 
the  technology  Jarvis  explains.”  While  they  have 
good  leadership  skills,  their  ability  to  lead  these 
highly  technical  teams  wanes,  because  they  can’t 
have  that  dialogue  with  those  contributors  that  are 
really  making  it  happen.” 

Jarvis  says  he  went  through  a  rigorous  conversion 
from  technology  into  management  early  in  his 
career  at  a  former  Fortune  500  employer. 

“They  really  encouraged  folks  coming  from  tech¬ 
nology  into  management  with  a  very  formalized 
training  program  to  make  that  transition,”  Jarvis 


says.The  advice  was, you  focus  on  the  customers 
and  the  requirements  of  your  customer,  focus  on 
your  team,  run  your  technology  like  a  business,  and 
you  will  be  successful  as  a  manager,  Jarvis  says. 

‘As  easy  as  that  may  sound,  managers  that  can  do 
that  successfully  . . .  [find  it]  a  very  difficult  chal¬ 
lenge.  1  think  that’s  what  makes  a  great  leader  in  the 
technology-skills  space,”  Jarvis  says. 

But  so  many  network  and  business  executives 
struggle  because  they  are  either  well-versed  in  the 
nitty-gritty  technology  details,  or  they  only  know  the 
business  perspective.  Focusing  on  only  one  of  the 
two  results  in  failure,  Jarvis  says. 

“If  you  go  too  far  to  the  business  side  . . .  morale 
on  the  employee  side  goes  down. The  productivity 
starts  to  drop  dramatically,  because  those  troops 
lined  up  before  you,  they  don’t  want  to  work  for 
you  anymore. You  lost  their  loyalty]’ he  says.“lf  you 
lean  too  much  on  the  technology  side, you’re  going 
to  alienate  yourself  from  the  business  folks.They 
get  religious  about  the  technology,  and  they  forget 
why  they  exist.They  exist  to  move  the  business,  the 
revenue  side  of  the  house  forward.” 

Striking  the  balance  between  technology  re¬ 
sources  and  business  demands  for  your  team  can 
help  you  get  ahead  in  networking,  says  Rich  Glas- 
berg,  director  of  enterprise  communications  for  the 
commonwealth  of  Massachusetts  in  Boston.  Glas- 
berg  says  a  mix  of  hands-on  training  in  leading-edge 
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■ Never  sit  back  and  just 
assume  somebody  will  do 
something  lor  you. 

Frank  Dzubeck,  president. 

Communications  Network  Architects 


technology  along  with  the  smarts  to  understand 
how  the  organization  depends  upon  the  technol¬ 
ogy  pushed  his  career  forward. 

“Not  every  piece  of  this  business  is  for  every¬ 
one;  you  have  to  capitalize  on  getting  into  the 
business  if  you  have  those  skills,”  he  says.  Among 
the  skills  Glasberg  notes  is  being  able  to  manage 
people  as  well  as  technology  and  determining 
the  next  technology  moves  without  losing  focus 
on  what  the  company,  or  in  his  case,  the  com¬ 
monwealth  needs. 

For  Debbie  Joy,  lead  solution  architect  with 
Computer  Sciences  Corp.,the  best  advice  she 
ever  got  in  her  22-year  network  career  helped  her 
advance  from  a  technician  to  a  director  of  tech¬ 
nology  Joy  explains  that  a  manager  leaving  his 
position  advised  her  not  to  complain  about  the 
technology  shortcomings  or  personnel  problems 
in  the  department  to  the  incoming  boss  without 
also  having  a  solution  to  offer. 

“If  you  are  going  to  go  to  management  or  a 
senior  technician  with  a  problem,  youd  better 
have  a  solution,  or  you  will  just  sound  like  a 
complained  Joy  says.“l  laid  out  what  was  wrong 
with  our  department,  how  it  could  be  run  bet¬ 
ter,  and  the  new  manager  told  me  to  write  it  up 
and  get  to  work.Thats  when  I  transitioned  from 
a  technologist  to  a  problem  solver  and  busi¬ 
ness-related  employee.” 

The  advancement  taught  Joy:“Knowing  the 
technology  inside  and  out  just  isn’t  enough  any¬ 
more;  you  have  to  be  able  to  apply  it  to  your  busi¬ 
ness  and  learn  how  to  apply  it  to  another  busi¬ 
ness  when  you  change  positions.” 

Rich  Ptak,  principal  analyst  at  market  research 
firm  Ptak,  Noel  &  Associates, says  he  witnessed 
the  demise  of  Digital  Equipment  Corp.  (DEC) 
because  he  believes  Ken  Olsen  and  others  at  the 
time  didn’t  recognize  how  the  management  of 
the  business  tied  back  into  the  success  of  the 
technology.  For  Ptak,  the  realization  was  an 
epiphany  that  led  him  away  from  his  technologist 
roles  to  become  an  industry  analyst. 

“Management  was  just  a  secondary  task  at  the 
time,"  Ptak  explains.“The  real  crux  of  networking 
is  that  it’s  made  up  of  a  bunch  of  componentized 
devices  that  when  connected  make  the  business 
run  smoothly.lt  wasn’t  that  DEC  had  bad  technol¬ 
ogy  or  products;  it  was  that  the  management  of 
the  business  wasn’t  incorporated  into  them.” 

Network  professionals  must  also  balance  the 
effectiveness  of  their  current  skills  against  investi¬ 
gating  leading-edge  technologies  that  could  ad¬ 
vance  their  careers.  Focusing  only  on  the  day-to- 
day  operations  vs.  exploring  new  tools  and  pro¬ 
cesses  can  mean  the  difference  between  ad¬ 
vancing  in  the  organization  or  being  left  behind 
in  an  ineffective  position. 

Chris  Gahagan, senior  vice  president  of  EMC 
Software, started  his  career  at  HP  and  says  he 
recognized  the  importance  of  the  network  but 
also  its  role  of  providing  connectivity  to  the 
applications  and  services  that  run  on  it.  For  him, 
getting  ahead  required  moving  to  SpectraLogic 
to  explore  what  at  the  time  was  a  new  area  of 
networking,  backup. 

“What  1  saw  in  the  late  1980s  and  early  1990s 
was  that  the  network  was  an  enabler  for  a  lot  of 


other  technologies  and  that  the  network  could 
add  value  to  other  applications  and  services,”  he 
explains.“I  left  HRbut  was  able  to  start  up  the 
software  part  of  a  business  based  on  what  the 
network  could  enable.” 

CSCs  Joy  points  out  that  often  those  in  technol¬ 
ogy  positions  get  stuck  in  a  rut  of  specialization. 
She  offers  advice  along  the  same  lines  as 
Gahagan:  be  open  to  changing  your  focus  before 
your  role  becomes  obsolete. 

“Often  you  get  to  the  point  where  you  can’t  go 
higher  doing  that  thing  that  you  loved  so  much,” 
she  says.“But  then  a  light  bulb  goes  off,  and  it’s 
obvious  that  you  can  get  ahead  with  a  new  tech¬ 
nology,  which  you  will  also  learn  to  love.” 

Brian  Jones,  manager  of  network  engineering 
and  operations  manager  at  Virginia  Polytechnic 
Institute  and  State  University  in  Blacksburg,  says 
his  success  in  networking  comes  from  a  broad 
understanding  of  network  technologies  and  the 
capabilities  to  apply  them  in  a  specialized  way. 
Also  with  the  ever-changing  nature  of  technolo¬ 
gy,  he  says  embracing  change  in  your  current 
position  will  serve  you  in  the  long  run. 

“The  best  advice  I  could  offer  would  be  to  not 
get  too  comfortable  with  where  you  are  in  an  IT 
organization  if  you  plan  to  move  up  the  chain. 
Embrace  change,  because  the  technology  is 
changing;  either  you  move  with  it,  or  it  moves 
without  you,”  he  says.“Stay  up-to-date  with  how 
the  new  technologies  may  affect  the  way  you  do 
things  within  your  organization,  and  keep  a  broad 
view,  because  a  narrow  focus  can  be  costly  — 
just  ask  the  people  who  invested  lots  of  money 
in  ATM  as  a  LAN  delivery  system.” 

Persistence  long  has  been  a  home  run  for  oft- 


quoted  industry  watcher  Frank  Dzubeck.  Dzu¬ 
beck,  president  of  consultancy  Communications 
Network  Architects,  learned  early  on  in  his  40- 
year  career  not  to  become  complacent. 

“If  you  start  to  get  lackadaisical  and  start  to 
enjoy  yourself  and  sit  back,  it  just  doesn’t  work,” 
Dzubeck  says.“Because  everything  changes. That 
has  kept  me  steady  all  the  way  through.” 

That’s  just  one  piece  of  the  lifelong  advice  Dzu¬ 
beck  received  when  he  was  a  22-year-old  sys¬ 
tems  representative  at  RCA,  a  now-defunct, Wash¬ 
ington,  D.C., computer  company  with  customers 
in  the  government  and  military  markets.The 
other  advice  was  to  be  creative  and  to  always 
take  risk. 

“Never  sit  back  and  just  assume  somebody  will 
do  something  for  you,”  he  says. 

“The  computer  industry  was  extremely  young 
at  that  time,  and  everybody  that  I  worked  with 
came  from  the  government  or  the  military1  he 
says.“They  didn’t  look  at  the  clock.” 

Tom  Bishop,  CTO  of  BMC  Software  with  20 
years  of  experience  at  such  companies  as  IBM 
Tivoli  and  start-up  Cesura  (formerly  Vieo),  says 
network  professionals  need  to  be  evolving  at  all 
times  to  stay  relevant  to  their  companies. 

“The  best  advice  1  got  and  can  offer  is  to  con¬ 
tinually  ask  yourself,  Am  1  doing  what  the  organi¬ 
zation  needs  me  to  do?’  If  you  aren’t,  then  some¬ 
one  is  not  happy  with  you.”  Bishop  says. “The 
answer  to  the  question  should  always  change  in 
terms  of  what  you  should  be  doing  to  be  useful 
to  the  organization. Today  it’s  all  about  business- 
oriented  IT,  and  holding  onto  any  old  view  of 
networking  will  only  make  you  a  dinosaur  in 
your  IT  shop” ■ 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED 

LET’S  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s  information 
Availability.  It’s  what  your  employees,  suppliers  and  customers  demand  every 
minute  of  every  day.  But  to  deliver  it  flawlessly,  you  need  a  massive  global 
infrastructure,  redundant  systems  and  diverse  networks  being  monitored  and 
supported  by  skilled  technical  experts  at  secure  facilities.  That’s  exactly  what 
SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and  save  your 
company,  on  average,  25%*  versus  building  the  infrastructure  yourself.  Plus, 
it's  a  vendor  neutral  solution  that  lets  you  control  your  data,  applications  and 
network  while  giving  you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving  business  problems 
and  less  time  solving  technical  problems. 


For  years,  companies  around  the  world  have  turned  to  SunGard  to  restore  their 
systems  when  something  went  wrong.  So,  it’s  not  surprising  that  they’re  now 
turning  to  us  to  mitigate  risk  and  make  sure  they  never  go  down  in  the  first  place. 


You  want  your  network  and  systems  to  always  be  up  and  running.  We  want  the 
same  thing.  Let’s  get  together.  To  learn  more,  visit  www.availability.sungard.com  01 
call  1-800-468-7483. 


SUNGARD 

Availability  Services 


’Potential  savings  based  on  IOC  White  Paper,  Ensuring  Information  Availability:  Aligning  Customer  Needs  with  an  Optima!  Investment  Strategy. 
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IT  experts  offer  their  advice  on  top 
technologies  including  VoIP,  patching, 
WAN  services,  SDA,  security  and  more. 


■  BY  THE  NETWORK  WORLD  STAFF 


ood  advice  is  generally  as  welcome  as  it  is  hard  to  come  by. 
Add  “free”  to  the  equation,  and  were  talking  rare  indeed. 

In  this  segment,  Network  World  reporters  have  turned  to  IT 
and  other  experts  who  are  willing  to  share  some  of  their 
favorite  insights  on  a  range  of  topics  facing  todays  network  profes- 
sionals.Topics  include: 


•  Planning  a  VoIP  rollout?  Keep  both  hands  on 
the  reins  lest  “feature  envy”  take  a  heavy  toll. 

•  “Patch,  patch,  patch,  test,  test,  test:”There’s 
more  to  it,  but  that’s  a  good  place  to  start. 

•  Want  the  latest  and  greatest  WAN  services? 
Don’t  get  locked  into  the  moldy  oldies. 

•  How  is  service-oriented  architecture  like  diet¬ 
ing?  Find  out  here. 

•  Managing  network  security  begins  with  man¬ 
aging  the  people  who  make  it  happen. 

•  If  you  think  e-mail  archiving  is  too  expensive, 
consider  the  cost  of  not  doing  it. 

Details  follow  —  did  we  mention  this  is  free? 


VoIP:  Ask  questions  upfront 

BY  TIM  GREENE  AND  PHIL  HOCHMUTH 

Unforeseen  VoIP  glitches  range  from  who  gets 
the  fancy  phones  to  how  you  track  phone  use 


by  department  so  you  can  bill  them  for  what 
they  use. 

The  phone  project  manager  should  have  veto 
power  over  who  requires  more  than  a  standard 
handset,  or  department  heads  will  start  dishing 
out  the  more  expensive,  feature-rich  models  to 
people  who  really  don’t  need  them. “They  want 
the  phones  with  more  buttons,”  says  Roger 
Fahnestock,  IT  director  for  Kane  County  govern¬ 
ment  in  Illinois. 

IP  call  servers  log  calls,  but  don’t  translate 
them  into  calls  by  department  or  flag  the  calls 
that  cross  the  public  phone  network  and  incur 
toll  charges.  Customers  should  plan  to  buy  soft¬ 
ware  that  converts  the  logs  into  readable  bills  if 
they  hope  to  charge  departments. 

Businesses  need  to  figure  out  how  costs  will 
be  divided  for  VoIR because  it  raises  all  sorts  of 
questions.  If  a  department  gets  one  more 
employee,  does  it  pay  for  the  phone?  If  all  the 
ports  on  that  department’s  switch  are  full,  who 
pays  for  another  switch?  If  the  IT  department 
pays,  what  is  a  good  way  to  plan  for  such  unex¬ 
pected  costs? 

Businesses  must  figure  out  how  long  they 
want  the  phones  to  work  when  the  power  fails. 
A  one-unit  battery  backup  may  support  a 
group  of  phones  for  20  minutes,  but  it  may 
require  extended-run  battery  modules  to  keep 
phones  up  for  three  hours. That  means  plan¬ 
ning  for  the  cost  of  the  backups  but  also  figur¬ 
ing  out  whether  there’s  enough  space  in  the 
wiring  closet  to  house  them.  In  some  cases,  a 
back-up  generator  may  be  a  better  option. 

Vendors  have  91 1  schemes  that  link  corporate 
IP  phones  to  physical  locations  so  ambulances 
can  find  the  person  who  made  a  call  for  help, 


but  these  systems  must  interface  with  carrier 
91 1  networks.  Expect  to  dedicate  time  to  make 
that  interface  work  properly,  because  it  is  far 
from  standard. 

Departments  left  to  set  up  their  own  interactive 
voice-response  systems  may  come  back  to  IT  for 
help  because  they  don’t  have  a  good  sense  of 
how  to  set  them  up.  For  example,  one  user  cited 
a  department  that  created  10  options  for  callers 
to  choose,  forced  them  to  listen  to  all  10  before 
they  could  punch  a  number,  and  had  no  option 
to  bump  out  to  an  operator.  As  a  result,  every¬ 
body  was  hanging  up  in  frustration  before  they 
made  a  selection. Then  the  department  head 
complained  that  the  phones  weren’t  working 
because  there  were  no  inbound  calls. 

If  VoIP  is  intended  to  minimize  the  number  of 
phone  lines,  businesses  should  plan  to  install  a 
fax  server  to  get  rid  of  analog  fax  lines.  And  if 
modems  are  necessary,  plan  to  keep  analog 
lines  to  support  them  or  be  prepared  to  suffer 
with  temperamental  analog-to-digital  modem- 
conversion  gear. 


Patching:  First  it's  not  impossible 

BY  JOHN  FONTANA 

“Patch,  patch,  patch,  test,  test,  test,  test,”  says 
Tim  Rice,  a  network  systems  analyst  in  the  de¬ 
partment  of  medicine  at  Duke  University  in 

See  Tips,  page  46 


TAKE  OUR  ADVICE: 


More  tips  on  these  subjects  can  be  found  at  www.networkworld.com ,  DocFinder:  9943. 
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Tips 

continued  from  page  44 

Durham,  N.C.Those  two  steps,  repeated  in  mul¬ 
tiples  year  in  and  year  out,  more  than  any  oth¬ 
ers  are  the  keys  to  patching  systems  from  any 
vendor.  Rice  doesn’t  apologize  for  the  apparent 
simplicity,  because  he  knows  the  task  is  any¬ 
thing  but. 

What  most  IT  managers  say  is  that  it  takes  a 
process  to  save  a  village. 

David  Giambruno  agrees  with  that.  His  tip? 
Tail  fast.” 

For  Giambruno,  director  of  strategic  infrastruc¬ 
ture  and  security  for  Pitney  Bowes  in  Stamford, 
Conn.,  that  means  he  knows  where  his  pain 
points  are  in  the  network  and  he  has  docu¬ 
mented  why  and  how  they  may  fail. “Fix  the 
pain  points  last.  Find  out  what  is  problematic, 
and  once  you  do  that,  you  will  find  you  have  a 
large  area  that  is  probably  pretty  easy  to  patch 
and  [is]  pretty  vanilla.You  get  comfortable,  and 
you  can  do  those  areas  quickly’ 

As  for  the  pain  points?  “You  are  going  to  have 
to  ask  for  forgiveness  initially’ Giambruno  says. 
But  eventually, you  document  why  certain  sys¬ 
tems  are  not  patched  or  protected  in  other 
ways, such  as  with  firewalls,  because  of  aging 
applications,  configurations,  hardware  or  depart¬ 
ment  heads  with  their  own  issues.  Documenting 
those  anomalies  lets  you  answer  intelligently  the 
inevitable  C-level  question: “Why  weren’t  those 
systems  patched?” 

Giambruno  says  if  you  can’t  answer  that  ques¬ 
tion, “you  are  the  sacrificial  lamb  at  that  point.” 

Duke’s  Rice  also  has  tips  for  keeping  client 
upgrades  as  easy  as  possible.“Keep  the  hard¬ 
ware  consistent.  Windows  XP  is  making  that  a 
lot  easier]’ he  says.“We  build  an  image,  put  all  of 
our  software  on  that  image,  do  a  system  prep 
and  drop  the  image  on  the  hardware.  At  most, 
we  run  a  repair” 

For  Bruce  Alcock,  IT  architect  for  Integris 
Health  in  Oklahoma  City,  Okla.,  one  of  the  keys 
to  client  upgrades  is  preparation.  His  organiza¬ 
tion  has  forced  end  users  to  put  their  key  files 
on  network  shares.Tverything  is  already  on 
the  network,  so  we’ve  found  this  is  not  only 
beneficial  for  client 
upgrades,  but  if  a 
user’s  PC  goes  out, 
they  lose  whatever  is 
on  the  local  drive. 

Forcing  them  to  the 
network  solves  lots 
of  problems." 

WAN  services: 

Maintaining 
flexibility  is  key 

BY  JIM  DUFFY 

WAN  services  ex¬ 
perts  recommend 
working  flexibility 
into  your  contracts: 

Technology  changes 


fast,  as  do  prices,  so  they  advise  you  to  structure 
contracts  that  keep  options  open. 

Coast  Capital  Savings  of  Vancouver,  the  sec¬ 
ond-largest  credit  union  in  Canada,  has  WAN 
contracts  that  run  three  to  five  years. Three  years 
ago,  the  company  intermeshed  58  offices  with 
fiber  services  running  VoIP  to  2,000  phones. 

At  the  time,  the  company  negotiated  “partial 
QoS”  for  this  network.  Had  the  company  known 
that  its  telephone  company  would  roll  out 
MPLS-based  services,  it  would  have  grand¬ 
fathered  in  tighter  QoS  guarantees  based  on 
MPLS. 

“Three  years  ago  I  didn’t  know  much  about 
MPLS,”  says  Luis  Henriques,  senior  network  engi¬ 
neer  for  Coast  Capital  Savings.“Right  now,  we’re 
running  over  a  partial  QoS  network  that’s  work¬ 
ing  99%  of  the  time,  but  we  do  still  have  1% 
worth  of  problems. You’re  signing  for  such  a 
long  time,  and  it’s  hard  to  know  what  new  tech¬ 
nologies  are  going  to  come  out  there.” 

Procurement  consultants  concur. 

“If  you  say  I’m  going  to  do  nothing  —  I’m 
going  to  keep  the  network  I  have  and  just  get  a 
lower  price  —  that  used  to  be  a  good  strategy 
in  the  short  term,  but  it  won’t  work  in  the  long 
term,”  says  David  Rohde,  a  senior  analyst  at 
TechCaliber. “You’ve  got  to  make  some  sort  of 
decision  about  your  technology  migration  now” 

Henriques  also  recommends  working  the  best 
WAN  prices  into  your  contract,  whether  that 
price  is  available  when  you  negotiate  the  con¬ 
tract  or  a  few  years  down  the  road  when  you 
need  those  circuits. 

“Today  a  10M  bit/sec  link  costs  you  $1,000,  but 
you  don’t  actually  need  any  today.  In  three 
years,  it  only  costs  $200,  but  according  to  your 
contract  you’re  bound  to  buying  it  for  $1,000,”  he 
explains.“You’ll  want  a  clause  in  there  to  say 
you’ll  be  guaranteed  the  best  price  at  the  time.” 

Users  should  also  grandfather  service-level 
agreements  into  any  new  circuits  they  add  dur¬ 
ing  the  life  of  the  contract. 

“When  we  signed  our  contract  we  had  45 
branches,”  Henriques  says. “Since  then,  we’ve 
grown  and  added  quite  a  few  more.  Fortunately, 
in  that  contract  was  a  statement  that  said  that 
any  new  links  will  adhere  to  the  technical 

agreements  in  the  con¬ 
tract,  and  they  will 
expire  at  the  same  time 
in  the  contract. You 
want  all  your  links  to 
expire,  as  far  as  the 
contract  is  concerned, 
at  the  same  time.  Other¬ 
wise,  it’s  harder  to  man¬ 
age  and  harder  to 
negotiate  a  new  con¬ 
tract  when  things  are 
expiring  at  different 
times.” 

Lastly,  if  any  hard¬ 
ware  is  needed, 
Henriques  suggests 
negotiating  new  equip¬ 
ment  purchases  with 


your  WAN  service  provider. They’ve  already 
bought  a  bunch  of  gear  for  their  own  networks 
and  have  wrung  the  best  prices  out  of  the  ven¬ 
dor,  he  says. 

“We  took  the  opportunity  to  put  in  that  con¬ 
tract  that  we  would  have  a  very  low  cost  —  a 
wholesale  price  plus  a  percentage,  which  is 
much  better  than  we  were  able  to  get  from  any 
other  networking  vendor]’  Henriques  says.“We 
saved  thousands  of  dollars  with  that.” 


S0A:  Here's  the  real  skinny 

BY  ANN  BEDNARZ 

Creating  a  service-oriented  architecture  is  like 
dieting:  As  much  as  it’s  tempting  to  shell  out 
money  for  the  latest  promising  gimmick,  the 
reality  is  that  reaching  the  goal  requires  a  signifi¬ 
cant  lifestyle  change. 

“Weight  loss  is  a  very  much  like  SOA  in  that 
it’s  a  discipline,”  says  Ron  Schmelzer,  a  senior 
analyst  at  research  firm  ZapThink.“lt’s  more 
important  to  change  the  behavior,  if  you  want 
to  change  the  outcome,  than  it  is  to  buy  some¬ 
thing  new” 

An  SOA  is  a  platform  for  building  modular,  re¬ 
usable  application  components  that  can  be 
called  and  combined  without  the  integration 
pains  of  past  development  efforts.  Pursuing  an 
SOA  approach  promises  to  make  new  and  exist¬ 
ing  IT  assets  more  flexible  —  and  therefore 
more  easily  tapped  for  use  in  different,  innova¬ 
tive  ways. 

But  like  the  latest  diet  fad,  the  SOA  approach  is 
vulnerable  to  backlash  from  unfulfilled  expecta¬ 
tions.  For  example,  reuse  of  services  is  a  key  ele¬ 
ment  of  an  SOA,  but  it  can  be  very  difficult  to 
achieve  if  teams  are  unwilling  to  share  applica¬ 
tions, says  David  Chappell,  principal  of  research 
and  consulting  firm  Chappell  &  Associates. 

Companies  can  try  exerting  pressure  from  top 
management,  or  implementing  a  charge-back 
policy  whereby  internal  customers  pay  the  inter¬ 
nal  service  suppliers,  or  selling  the  idea  of  reuse, 
because  it’s  best  for  the  company  as  a  whole  — 
but  none  of  these  approaches  is  easy,  Chappell 
says.Tve  talked  to  organizations  whose  SOA 
efforts  stopped  dead  because  they  couldn’t  deal 


with  this  problem.” 

Another  roadblock  to  SOA  adoption  is  the  ten¬ 
dency  for  companies  to  gravitate  to  familiar 
technologies. 

A  lot  of  people  are  pinning  their  hopes  on  the 
emerging  category  of  enterprise  service  bus 
(ESB)  products,  many  of  which  are  little  more 
than  old-school  messaging  brokers  with  new 
labels,  Schmelzer  says.  Adding  more  of  the  same, 
familiar  infrastructure  products  just  continues 
the  cycle  of  technology  rip-and-replace,  he  says. 

“People  are  really  overestimating  the  ability  for 
these  ESB  products  to  deliver  a  service-oriented 
architecture  for  them.”  On  the  other  hand,  the 
importance  of  tools  that  support  a  change  in 
development  behavior  —  such  as  process-mod¬ 
eling  tools,  metadata  management  and  registry 
products  —  are  underestimated,  Schmelzer  says. 

Equally  important  to  the  success  of  SOA  is 
understanding  when  it’s  appropriate.  Zeroing  in 
on  a  specific  business  need  can  help  compa¬ 
nies  make  decisions  about  how  much  of  their 
existing  applications  to  service-enable,  says  Theo 
Beack,  chief  SOA  architect  at  Software  AG.  In 
many  cases,  exposing  20%  or  30%  of  the  func¬ 
tionality  of  an  existing  legacy  application  as  a 
Web  service  can  yield  the  most  benefit.“That’s 
where  the  sweet  spot  lies,”  Beack  says. 

It’s  also  important  to  understand  that  not 
every  new  application  should  be  built  in  a  ser¬ 
vice-oriented  style.  It  takes  more  effort  to 
design,  create  and  secure  a  service-oriented 
application  than  a  traditional  multitier  applica¬ 
tion,  and  not  all  applications  are  likely  to  repay 
the  expense, Chappell  says.“An  application 
that’s  meant  to  be  used  only  by  a  relatively 
small  group  in  an  organization  might  not  be 
worth  the  expense  of  being  built  in  a  service- 
oriented  fashion,”  he  says. 

Key  to  avoiding  wasted  resources  is  having  the 
right  people  behind  an  SOA  effort.  A  lot  of  good 
developers  make  lousy  architects,  Schmelzer 
says.  Companies  today  are  hiring  architects  that 
are  measured  against  business  goals  —  such  as 
how  quickly  a  service  will  return  value  to  the 
business  —  not  traditional  development  goals. 

“If  we  can  get  it  right,  the  emergence  of  the 
architect  class  will  be  a  pretty  significant  trans¬ 
formation  for  the  IT 
industry’ 

Security:  Think 
people  first 

BY  ELLEN  MESSMER 

Managing  security  is 
as  much  about  man¬ 
aging  people  as  it  is 
software  and  hard¬ 
ware,  say  those  who 
do  it  for  a  living. 

Kirk  Drake,  vice  pres¬ 
ident  of  IT  at  the  NIH 
Federal  Credit  Union 
in  Rockville,  Md., says 
one  of  his  favorite 
management  tactics  is 


touching  base  every  day  with  the  IT  staff  in 
charge  of  network  and  applications. 

“I  figure  out  the  things  that  absolutely 
shouldn’t  go  wrong,  from  routers  to  financial 
things  such  as  dividend  postings  and  check 
files,  and  accept  no  compromise,”  Drake  says.“I 
send  out  periodic  reminders  and  check  to 
make  sure  that  things  get  done.” 

This  approach  is  intended  to  get  ahead  of 
problems  through  regular  contact  with  the 
dozen  IT  staff  members  that  support  the  back¬ 
end  applications  and  the  online  banking  used 
by  the  45,000  credit-union  customers. 

“I  look  at  log  reports  and  ask  questions,”  Drake 
says,  noting  constant  dialog  with  staff  has  been 
crucial  in  deploying  newer  technologies,  such 
as  data-leakage  prevention  to  stop  unauthorized 
transmission  of  sensitive  customer  information. 

Jack  Mackenzie,  principal  information  security 
engineer  at  mortgage  insurance  company 
Radian  Group  in  Philadelphia,  says  the  tip  he’d 
offer  first  also  has  to  do  with  helping  people  be 
more  effective  in  their  jobs.  Radian  Group  has 
five  security  specialists  interacting  with  an  IT 
staff  totaling  140. 

In  the  past,  IT  staff  would  tend  to  describe 
problems  they’d  encountered,  depositing  them 
at  his  doorstep,  waiting  for  him  to  discover 
something  that  might  resolve  them.  But  that 
method  didn’t  lead  to  successful  resolution  very 
quickly,  he  says. 

Mackenzie  now  lives  by  the  adage  that  “I  never 
take  others’  problems  and  make  them  my  own. 
I’ll  steer  them  toward  solving  it.”  He  says  he 
helps  staff  with  analysis,  answers  questions  and 
suggests  security  approaches,  but  makes  it  clear 
he  expects  those  directly  in  charge  will  execute 
any  necessary  changes.  And  he  checks  to  see 
that  it  happens. 

He  says  this  approach  encourages  IT  staff  to 
more  directly  confront  security  concerns,  and 
“problem-solve  and  bring  the  solution  back.” 

E-mail  archiving:  Better  safe 
than  sorry 

BY  DENI  CONNOR 

While  many  organizations  implement  e-mail 

archiving  for  regula¬ 
tory  compliance  or 
evidentiary  discovery 
purposes,  Paul 
Veeneman,  chief  tech¬ 
nology  engineer  for 
Hawkins  Chemical  in 
Minneapolis,  had  an 
entirely  different  rea¬ 
son:  He  wanted  to 
protect  one  of  his 
company’s  most  busi¬ 
ness-critical  applica¬ 
tions:  its  Microsoft 
Exchange  database. 

Veeneman  had  been 
protecting  his  Ex¬ 
change  5.5  server 
with  daily,  weekly  and 


monthly  full  backups. While  he  had  backups  of 
Exchange  that  he  kept  for  a  year,  from  time  to 
time  he  might  lose  e-mail  between  backups. 

“We  wanted  to  look  at  scenarios  that  could 
cause  potential  harm  to  the  users  or  business 
unit  if  data  was  lost,”  he  says.“E-mail  is  one  of 
the  most  important  applications  to  our  organi¬ 
zation  and  we  wanted  to  move  it  to  an  archival 
platform.” 

The  company  also  wanted  to  be  able  to 
archive  more  than  a  year’s  data. 

“Being  publicly  traded,  we  wanted  to  do  due 
diligence  to  our  shareholders  and  ensure  that 
our  data  is  archived  or  backed  up  in  the  best 
fashion, ’’Veeneman  says.“Although  we  don’t  have 
the  same  requirements  as  a  company  with  a 
trading  desk,  and  we  aren’t  burdened  with  find¬ 
ing  the  irrefutable  truth  for  litigation,  being  able 
to  recover  e-mail  has  come  in  handy  when 
someone  lost  a  message.” 

Veeneman  chose  Intradyn’s  ComplianceVault, 
an  e-mail  archiving  and  recovery  appliance. 
ComplianceVault  connects  to  the  Ethernet  net¬ 
work  and  is  bundled  with  Sony  AIT  tape  drives, 
where  e-mail  data  is  archived.  A  rules-based 
engine  allows  Veeneman  to  decide  when  e-mail 
is  migrated  and  archived  and  how  it  can  be 
recovered. 

Veeneman  says  being  compliant  wasn’t  com¬ 
pletely  a  matter  of  out  of  sight,  out  of  mind. 

“With  Sarbanes-Oxley  we  are  definitely  being 
held  to  a  higher  standard  in  protecting  the  data 
and  making  sure  the  data  is  available  even  if  the 
user  or  system  loses  data, ’’Veeneman  says. 

He  says  setting  up  e-mail  archiving  also  in¬ 
volves  determining  which  users  have  the  ability 
to  recover  messages.  In  Hawkins’  case, Veeneman 
chose  a  limited  set  of  individuals. 

“We  don’t  give  end  users  the  ability  to  get  in 
and  retrieve  their  own  data  —  that  creates  a 
Pandora’s  Box, ’’Veeneman  says.“What  we  have 
done  is  gone  through  a  secure  hierarchy  of  two 
to  three  users  who  can  access  e-mail  —  IT, 
human  resources  and  two  for  the  desktop  IT 
group.” 

“There’s  a  potential  for  malicious  activity,  and 
giving  human  resources  access  protects  us  from 
that,”  he  says.B 
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When  to  upgrade 

Insiders  share  rules  of  thumb  about  equipment  life  cycles. 


■  BY  JOHN  DIX 

There  are  no  hard-and-fast  rules  about  the  life  expectancy  of  net¬ 
work  equipment  because  it  varies  by  device  and  situation.  But 
wouldn’t  it  be  nice  to  know  industry  norms  the  next  time  you 
had  to  choose  between  polishing  up  a  box  or  taking  an  ax  to  it? 


Given  the  dearth  of  solid  data  on  the  subject, 
we  surveyed  the  product-test  experts  in  the  Net¬ 
work  World  Lab  Alliance  and  members  of  the 
Network  World  Advisory  Board  —  executives  in 
top  IT  spots  in  local  Massachusetts  organizations 
—  for  tips  on  when  enough  is  enough. 

The  findings,  as  one  respondent  put  it,  confirm 
shop-honed  intuition.The  average  life  expectancy 
of  hardware  is  three  to  five  years,  while  equip¬ 
ment  in  fast-evolving  markets,  such  as  security  is 
being  replaced  in  three  years  or  less,  and  larger 
iron  often  hangs  around  for  decades. 

“We  have  some  stuff  that  is  eight  or  nine  years 
old  that  just  sits  there  and  runs,”  says  Richard 
Glasberg,  director  of  enterprise  communications 
for  the  commonwealth  of  Massachusetts.“But  the 
rule  of  thumb  for  network  infrastructure  is  three 
to  five  years.  If  you’re  trying  to  keep  things  hum¬ 
ming  along  at  99.999%  uptime,  you ’ll  question 
anything  much  older  than  that.” 

Besides  upgrading  equipment  to  stave  off  fail¬ 
ure,  another  classic  driver  of  change  is  the  old 
software/hardware  upgrade  cycle,  most  famously 
witnessed  in  the  PC/Windows  realm. 

“Advances  in  software  mandates  hardware 
changes,  which  serves  as  the  platform  until  it  no 
longer  meets  the  needs  of  the  software,  so  you 
change  the  hardware  underneath  and  the 
dance  continues,”  says  Tom  Henderson,  princi¬ 
pal  researcher  for  ExtremeLabs  in  Indianapolis, 
a  Lab  Alliance  partner. 

Survey  respondents  expect  Windows-based  PCs 
to  last  3.5  years  on  average,  although  some  ques¬ 
tion  whether  that  is  about  to  change. 

“There  was  a  lot  of  thrash  when  we  went  from 
Windows  95  to  98  to  2000  and  then  to  XRwith 
Microsoft  upping  the  ante  on  how  much  re¬ 
sources  you  needed,”  says  Lab  Alliance  member 
Joel  Snyder,  a  senior  partner  at  OpusOne,a  con¬ 
sulting  firm  in  Tucson,  Ariz.“But  things  have 
been  quiet  since  XP  came  out.XP-based  sys¬ 
tems  may  actually  end  up  lasting  five  or  more 
years  —  first,  because  there  isn’t  a  new  operat¬ 
ing  system  [in  the  immediate  future], and  sec¬ 
ond,  anything  that  is  XP-compatible  probably 


has  sufficient  CPU  and  memory  to  run  for  quite 
a  while.” 

Fast-evolving  performance  and  capacity  de¬ 
mands  are,  of  course,  at  the  root  of  many  deci¬ 
sions  to  replace  gear,  from  switches  to  servers 
and  storage. 

“It’s  not  because  your  gear  isn’t  up  to  spec  or 
doesn’t  work  anymore;  it  just  doesn’t  do  what  you 
need  it  do  anymore,”  Snyder  says.“You  might  go 
buy  a  SonicWall  firewall  appliance  for  aT-1  at  a 
remote  office,  and  then  two  weeks  later  have  your 
cable  provider  offer  you  7M  bit/sec.” 

Sometimes  significant  advances  in  a  given  tech 
sector  provide  the  impetus,  such  as  the  arrival  of 
100M  bit/sec  Ethernet. While  early  adopters  ini¬ 
tially  installed  those  big  pipes  to  serve  band¬ 
width-hungry  segments,  as  LAN  prices  fell  and 
application  demand  continued  to  advance,  it 
didn’t  take  long  to  reach  the  tipping  point  that 
led  to  wholesale  network  overhauls. 

Technologies  such  as  Gigabit  Ethernet  and 
802.  IX  authentication  may  lead  to  a  new  round 
of  infrastructure  upgrades  in  the  coming  years. 

VoIP  is  another  new  arrival  that  is  spurring  net¬ 
work  overhauls.  Data  networks  typically  have  to 
be  spruced  up  before  voice  can  be  introduced 
into  the  traffic  mix  with  any  confidence.  But 
while  IP  PBXs  promise  many  advances,  longevity 
—  when  compared  with  the  machines  they  re¬ 
place  —  isn’t  one  of  them.  Our  expert  panel  ex¬ 
pects  IP  PBXs  to  last  only  6.5  years  on  average, 
while  traditional  PBXs  could  be  counted  on  for 
8.5  or  more  years. 

“Telecom  products  typically  had  long  deprecia¬ 
tion  cycles  because  phones  never  changed,  the 
software  never  changed  and  the  application 
never  changed,”  Henderson  says.“But  that’s  all 
changing  with  VoIP  I’ve  seen  some  compelling 
new  applications  for  Cisco  and  Avaya  phones, 
but  of  course  only  if  you  have  the  phones  with 
the  cool  640x480  color  LCD  display  Phone  fea¬ 
tures  are  evolving,  which  is  cutting  down  on  the 
useful  lives  of  the  equipment." 

Sometimes  the  arrival  of  a  new  technology 
will  encourage  vendors  to  try  to  spur  migra- 


Life  expectant  of  network  gear 
in  years 


All-in-one  security  appliances 

3.5 

Backbone  routers 

5.0 

Branch-office  routers 

4.0 

Campus  wiring 

9.5 

Cell  phones 

2.0 

Chassis-based  network  switches 

4.5 

Departmental  copiers 

4.0 

Desktop  monitors 

4.0 

Desktop  printers 

3.5 

Digital  telephones 

6.0 

Enterprise  high-volume  copiers 

4.0 

Enterprise  storage  arrays 

5.0 

Firewalls 

3.5 

Intel-architecture  desktops 

3.5 

Intel-architecture  laptops 

2.5 

Intel-architecture  servers 

4.0 

Intrusion-prevention  systems 

3.5 

IP  PBXs 

6.5 

IP  telephones 

4.5 

Macintosh  desktops 

3.5 

Macintosh  laptops 

2.5 

Mainframes 

8.5 

Minicomputers 

7.0 

NAS  devices 

4.0 

Office  multifunction  printers 

3.5 

PBXs 

8.5 

PDAs 

2.0 

Room  videoconferencing  systems 

5.0 

SAN  switches 

3.0 

Stackable  network  switches 

4.5 

Uninterruptible  power  supplies 

6.0 

VPN  solutions 

3.0 

Wi-Fi  net-access  points 

3.0 

Wi-Fi  switches 

3.0 

Windows  for  desktops 

3.0 

Windows  for  servers 

3.5 
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tion  by  driving  maintenance 
costs  for  the  old  gear  through 
the  roof.“We  had  to  kill  our 
Lucent  PBX  even  though  it 
was  only  3  years  old  because 
the  upgrade  cost  was  almost 
equal  to  the  original  capital 
expenditure,”  Henderson  says. 

Vendors  typically  say  they  will 


support  a  device  for  two  years 
after  they  stop  selling  it,Glas- 
berg  says. So  if  you  tack  those 
two  years  on  to  a  normal  life 
expectancy  of  five  years,  you 
get  an  outside  range  of  up  to 
seven  years. 

In  the  later  stages  of  that  cycle, 
vendors  offer  trade-in  allow¬ 


ances  as  an  inducement  to 
swap  up,  and  that  can  lead  to 
some  tough  decisions.  Jump  too 
early  and  you  don’t  get  the  most 
out  of  your  original  investment; 
jump  too  late  and  you  minimize 
the  allowances  or  miss  them 
altogether,  Glasberg  says. 

Luckily,  the  timing  usually 


works  out,  he  says.“When  a  ven¬ 
dor  is  ready  to  retire  something, 
you’re  probably  ready  to  get  rid 
of  it.” 

Security  evolution 

Security  products  are  proba¬ 
bly  not  the  type  of  equipment 
that  buyers  will  hold  onto  for 


seven  or  more  years. 

Security  gear  gets  obsolete  for 
two  reasons,  Snyder  says.“One, 
the  loads  we  put  on  them 
increase  because  bandwidth 
usage  continues  to  go  up,  and 
two,  we  stretch  them  by  loading 
up  more  applications.” 

As  an  example  of  the  latter, 
Snyder  says  if  you  bought  a  fire¬ 
wall  and  later  decided  you 
wanted  to  use  virus  scanning,  it 
might  not  be  fast  enough  for 
the  new  load. 

As  vendors  add  more  applica¬ 
tions  and  functions  to  their 
gear,  the  performance  tends  to 
drop,  encouraging  people  to 
consider  new  options.  Security 
gear  in  general  seems  to  be  on 
a  faster-than-normal  upgrade 
cycle,  Snyder  says. 

In  some  cases  that  cycle  is 
simply  driven  by  technology 
advances.  A  good  example  is 
an  intrusion-detection  system 
(IDS). While  IDS  provided 
many  new  capabilities,  intru¬ 
sion  prevention  provided 
even  more. 

Big  boxes 

At  the  other  end  of  the  life- 
cycle  spectrum  you  have  big 
iron, such  as  large  minicomput¬ 
ers  and  mainframes. 

Even  with  new  machines 
available  for  a  fraction  of  the 
cost,  customers  are  reluctant  to 
replace  this  gear  because  the 
operating  systems  and  applica¬ 
tions  are  dyed-in-the-wool. 

“There  are  still  folks  out  there 
running  VMS,”  Snyder  says  of  the 
venerable  Digital  Equipment 
Corp.  operating  system.“lt’s  not 
because  they  are  in  love  with  it, 
but  because  they  have  an  app 
everyone  is  comfortable  with 
and  the  performance  hasn’t 
degraded  to  the  point  where  it’s 
worth  going  through  that  horri¬ 
ble  forklift  upgrade.” 

However,  with  transaction  vol¬ 
umes  increasing  and  the  size  of 
transactions  going  up,  compa¬ 
nies  may  face  the  need  to  re¬ 
place  some  big  boxes  sooner 
rather  than  later,  Snyder  says. 

Will  the  upgrade  conveyor 
belt  ever  stop?  Probably  not, 
but  it  may  slow  down  as  the 
technology  becomes  more 
commodity  in  nature,  and  fun¬ 
damentals  such  as  security  are 
baked  in  from  the  start  and  we 
make  progress  toward  true  util¬ 
ity  environments. 

Until  then,  lace  up  your 
sneakersH 
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Something 
nothing 


Where  to  find  and  haw  to  take  advantage  of  freeware 
and  open  source  applications. 


BY  DENISE  DUBIE  AND  ANN  BEDNARZ 


he  adage  ‘you  get  what  you  pay  for’  doesn’t  necessarily  apply  to 
the  freeware  and  open  source  software  available  for  download 
at  no  cost. 


For  many  corporate  IT  managers,  free 
tools  provide  much-needed  technology  in  a 
pinch  and  augment  existing  investments  in 
commercial  products.  While  the  nonexistent 
price  tag  initially  draws  people  to  freeware,  it’s 
the  versatility  the  downloadable  tools  provide 
that  keeps  users  coming  back,  proponents  say 

Kerry  Miller,  network  engineer  at  First  Victoria 
National  Bank  in  Victoria, Texas,  says  his  organi¬ 
zation  recently  started  using  a  program  called 
Argus  to  monitor  servers  and  routers  in  the 
bank’s  network.  Miller  says  the  software  applica¬ 
tion  is  similar  to  Ipswitch’s  WhatsUpGold  com¬ 
mercial  software,  but  it’s  free.  He  uses  Argus  in 
conjunction  with  Multi  Router  Traffic  Grapher  — 
a  freeware  staple  for  many  IT  managers  —  to 
monitor  connections  and  bandwidth. 

“Argus  is  something  we  stumbled  across,  and  it 
turned  out  to  be  much  better  than  the  commer¬ 
cial  products  we  looked  at”  for  monitoring  about 
30  devices,  Miller  says.“It  didn’t  require  as  much 
customization  for  us  to  get  it  working.” 

Miller  also  uses  Snort  intrusion-detection  soft¬ 
ware  and  ACID,  a  tool  for  analyzing  Snort  event 
data.  For  Miller,  ACID  makes  the  data  Snort  col¬ 
lects  more  accessible  to  non-expert  IT  staff. 

“If  you  have  some  networking  experience, 
these  tools  definitely  are  easier  to  use,  but 
adding  the  Web-based  front  end  makes  it  simple 
to  run  reports  on  the  Snort  data  collected,” 
Miller  says. 

In  some  cases,  freeware  solves  an  unusual 
problem  for  users  who  couldn’t  find  the  same 
features  in  a  commercial  offering.There  is  a  lot 
of  good  technology  out  there  that  wouldn’t  draw 
a  big  enough  commercial  market,”  says  Mark 
Douglas,  vice  president  of  engineering  and  oper¬ 
ations  at  online  dating  company  eHarmonycom 
in  Pasadena,  Calif.“So  I  can  get  technology  that 
would  otherwise  not  be  available  to  me.” 

Douglas  recently  started  using  FileZilla,  an  FTP 
client  program  that  helps  him  move  files  between 
data  centers  without  adding  a  line  item  to  his 


budget.  Douglas  uses  many  open  source  tech¬ 
nologies  such  as  Tomcat,  MySQL  and  Apache. 

“The  plus  with  open  source  and  freeware  is 
that  it’s  not  just  what  you  can  write  yourself  to 
solve  a  problem,  it’s  what  all  your  peers  are  creat¬ 
ing  and  sharing  to  solve  universal  problems,” 
Douglas  says. 

Douglas  uses  search  engines  such  as  Google 
when  he  needs  to  find  a  specific  tool.  He  also 
stays  on  top  of  what’s  available  through  RSS 
feeds  from  download  sites  such  as  freshmeat.net 
and  SourceForge.net. 

A  Web  search  helped  Rick  Beebe  findTTCPa 
free  network-throughput  tester  from  Netcordia, 
when  he  had  to  figure  out  why  two  adjacent 
machines  were  experiencing  vastly  different 
transfer  rates.  One  was  getting  50M  bit/sec  rates 
and  the  other  only  3M  bit/sec,  says  Beebe,  man¬ 
ager  of  system  and  network  engineering  for  ITS- 
Med  at  the  Yale  University  School  of  Medicine  in 
New  Haven,  Conn. 

“In  this  case,  I  ran  into  a  weird  little  problem 
that  is  kind  of  different  from  what  I  have  in-house 
to  track  it  down,”  Beebe  says.  He  used  TTCP  to 
test  network  throughput  to  the  two  machines  and 
quickly  resolved  the  problem. 

“In  a  bigger  use  case,  I  may  look  for  a  commer¬ 
cial  product,  but  I  just  searched  online,  found 
this  and  was  able  to  fix  the  problem,”  Beebe  says. 


Bargain  shopping 

A  sampling  of  free  stuff,  and  where  to  find  it. 


The  availability  of  low-  or  no-cost  alternatives 
can  help  users  squeeze  some  free  extras  from 
commercial  software  makers.  At  research  firm 
Gartner’s  June  security  event,  40%  of  companies 
with  more  than  500  desktops  said  they  were 
getting  their  anti-virus  vendors  to  throw  in  anti¬ 
spyware  functionality  for  free.  Gartner  projects 
this  will  grow  to  95%  by  year-end  2007. 

Customers  should  demand  that  anti-spyware  be 
provided  at  no  additional  cost  when  it  comes 
time  to  renew  desktop  anti-virus  contracts,  the 
firm  suggests.Threatening  to  go  to  another  ven¬ 
dor  that  won’t  charge  for  anti-spyware  functional¬ 
ity  can  make  a  difference  —  and  it  may  work  for 
getting  free  personal-firewall  functionality  as  well. 

Meanwhile,  vendors  find  that  offering  free  light¬ 
weight  versions  of  commercial  software  drives 
future  business  as  users  grow  to  need  greater 
functionality 

Gent  Hito,  president  and  CEO  of  /n  Software, 
says  making  a  free  version  of  applications  avail¬ 
able  helps  his  customers  decide  whether  the 
technology  is  right  for  them  before  spending 
money. The  company  doesn’t  charge  for  its 
IP*Works!  EDI  AS2  Connector,  a  lightweight 
application  for  sending  and  receiving  electronic- 
data-interchange  documents  over  the  Internet 
via  AS2.  Companies  with  an  existing  business-to- 
business  infrastructure  can  use  the  adapter  to 
communicate  with  a  single  trading  partner  for 
free;  to  communicate  with  more  than  one 
requires  buying  a  license. 

In  Software  hasn’t  officially  announced  the 
new  tool  but  word  of  mouth  is  spreading  fast, 
Hito  says.  ■ 


Tool 

Type  of  application 

Download  from 

Argus 

Network-  and  system-monitoring  software 

argus.tcp4me.com 

FileZilla 

FTP  client  and  server 

Filezilla.sourceforge.net 

IP'Works!  EDI  AS2  Connector 

Application  for  sending  and  receiving  documents  via  AS2  www.nsoftware.com/ipworks/edi/connector/ 

OpenNMS 

Open  source  network-management  platform 

www.opennms.org 

TTCP 

Network-throughput  tester 

www.netcordia.com/tools/tools-ttcp.shtml 

TAKE  OUR  ADVICE: 

Don't  be  shy  about  pushing  vendors  for  free  or  discounted  software  by  mentioning  competing  open  source  tools. 
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Indiana  Universi 
goes  wireless 


University  network  exec  shares  experiences 
and  challenges  of  rolling  out  wireless  across 
two  campuses. 


■  BY  CAROLYN  DUFFY  MARSAN 

NDIANAPOLIS  —  ROLLING  OUT  WIRELESS 
Internet  access  is  tricky  especially  when  it  comes 
to  finding  the  best  locations  for  wireless  gear.  Even 
more  important  is  making  sure  that  wireless  com¬ 
munications  are  secure.  Network  World  spoke  with 
Indiana  University  Acting  Associate  Vice  President 
for  Telecommunications  Mark  Bruhn  about  these 
and  other  challenges  that  Indiana  University 
faced  in  deploying  nearly  1 ,600  wireless-access 
points  across  its  two  main  campuses.  Here  are 


excerpts  from  the  conversation: 


Can  you  describe  Indiana  Uni¬ 
versity’s  network  infrastructure? 

We  have  responsibility  for  the  core 
campuses  at  Bloomington  and 
Indianapolis. We  have  about  3,000 
acres  of  campus  at  Bloomington 
and  600  acres  in  Indianapolis.There 
are  hundreds  of  buildings.  We  run 
the  core  network  to  all  those  build¬ 
ings.  We  also  run  the  statewide  net¬ 
work  that  connects  eight  regional 
campuses  to  Indianapolis  and  to 
the  outside  world. 

The  ballpark  number  of  users  is 
126,000.That  would  include  98,000 
to  99,000  students,  5,000  faculty  and 
another  10,000  staff.  We  also  have  a 
category  of  “other  users,”  such  as 
contract  programmers. 

The  number  of  users  is  getting 
higher  because  we’re  attempting  to 
better  serve  our  admitted  students 


and  even  prospective  students.  We 
have  students  who  are  no  longer 
enrolled  but  still  have  some  contin¬ 
uing  tie  with  the  university  whether 
they  owe  a  bursar  bill  or  have  in- 
completes.That  number  of  126,000 
is  going  to  grow  as  we  take  into 
consideration  these  peripheral  rela¬ 
tionships.  Identity  management  is  a 
huge  area  for  us. When  we  install 
wireless,  we  want  to  make  sure  that 
the  people  who  are  using  our  wire¬ 
less  network  are  the  people  who 
are  affiliated  with  Indiana  Univer¬ 
sity  and  should  be  allowed  to  use 
that  resource. 

Where  does  the  wireless- 
access  piece  fit  in? 

All  over  the  place.  We  have  all  of 
our  administrative  and  academic 
buildings  100%  covered  by  wire- 


-■ 


Mark  Bruhn,  acting  associate  vice 
president  for  telecommunications  at 
Indiana  University,  has  deplc  ed  wire¬ 
less  for  126,000  end  users. 


JOHN  BRAGG 


less,  although  we  do  identify  dead 
spots  periodically.  On  the  Bloom¬ 
ington  and  Indianapolis  campuses, 
about  85%  to  90%  of  the  outside 
areas  that  matter  are  covered  by 
wireless.  We’ve  been  looking  at 
areas  where  students  and  faculty 


congregate  and  where  wired 
access  isn’t  possible. 

At  some  point,  we  may  think  we’ve 
got  all  the  outside  areas  that  matter 
covered,  but  then  certainly  there 
will  be  areas  brought  to  our  atten- 

See  Bruhn,  page  55 


TAKE  OUR  ADVICE: 

My  advicB  is  that  you  shouldn't  roll  out  wireless  access  without  encryption. 

1 

" 

200  remote  servers? 

One  solution. 


Introducing  the  next 
generation  of  KVM 
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•  Get  to  them  all  without  the  access  limitations  of  a  KVM  switch. 
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Think  about  how  you  're  going  to  feel  if  your  corporation  has  a 
wireless  network  and  that  wireless  network  is  used  to  perpetrate 
a  heinous  crime.  WEP  is  not  a  good  solution.  VPNs  are  a 
reasonable  solution. 


Bruhn 

continued  from  page  53 

tion  by  faculty  and  students, 
and  we’ll  have  to  go  out  and 
take  a  look.  Wireless  in  resi¬ 
dence  halls  hasn’t  been  a  high 
priority  because  every  room  has 
at  least  one  data  jack  and  all  the 
common  areas  have  data  jacks. 
We’re  doing  the  residence  halls 
last  because  the  students 
already  have  connections. 

When  did  Indiana  Univer¬ 
sity  begin  its  wireless 
rollout? 

Early  2003. We  had  a  few  hundred 
—  maybe  300  or  400  —  wireless- 
access  points  on  the  Bloomington 
campus.  My  predecessor  told  the 
telecom  staff  that  we  were  going  to 
double  that  number  over  the  space 
of  a  year  or  18  months.  And  we  did. 
The  last  number  I  saw  was  978  wire¬ 
less-access  points  at  Bloomington 
and  600  at  Indianapolis. 

How  did  you  select  the 
equipment? 

We  standardized  on  Vivato  outside, 
and  the  equipment  inside  was 
Lucent/Orinoco  [now Proximj.We 
engaged  a  consulting  company  to 
advise  us  and  do  some  preliminary 
site  surveying.  After  that  engagement 
was  complete,  and  we  had  a  good 
idea  of  how  many  access  points  we 
would  initially  need  and  where  they 
would  be  placed,  we  released  a 
request  for  proposals  for  hardware. 

Did  you  do  this  wireless  rollout 
with  your  own  staff  or  did  you 
contract  it  out? 

All  of  it  was  done  internally  One  of 
the  things  we  dealt  with  was  that 
you  can  place  a  little  piece  of 
equipment  in  a  ceiling  panel  just 
about  anywhere,  but  then  you’ve  got 
to  get  wiring  to  it.The  network 
cabling  wasn’t  overly  difficult,  but 
you  have  to  get  power  to  those 
things.The  areas  where  they  don’t 
have  ready  access  to  power,  they’ve 
been  using  Fbwer  over  Ethernet, 
which  has  been  outstanding,  be¬ 
cause  then  you  run  the  one  cable 
and  you  don’t  have  to  worry  about 
looking  around  for  a  conduit  to  tap 
or  a  box. 

How  much  have  you  spent  on 
wireless-access  initiatives  dur¬ 
ing  the  last  18  months? 

The  total  amount  was  just  short  of 


$1  million. We  estimate  that  the  cost 
of  maintenance  and  life-cycle  re¬ 
placement  amounts  to  about 
$250,000  per  year.  We’re  on  a  three- 
to  four-year  replacement  cycle. 

Describe  some  of  the  rollout’s 
challenges. 

Getting  the  wires  from  a  switch  to 
the  wireless  access  point.  We’ve  got 
older  buildings,  especially  in 
Bloomington. The  architects  don’t 
want  you  to  run  an  ugly  conduit 
on  the  outside  of  a  hallway  so  you 
have  to  be  a  bit  more  creative.  The 
network  connection  and  the 
power  continue  to  be  a  challenge. 
When  you  look  at  a  site  survey, 
that’s  obviously  one  of  the  things 
you  look  at  first. 

Coverage  is  another  thing.  In  some 
of  these  buildings  you  have  to 
make  sure  you  place  these  things 
very  carefully  So  you  do  your  site 
survey  and  you  put  them  up,  and 
then  you  have  to  move  them 
around  to  make  sure  you  get  the 
most  coverage  out  of  one  wireless- 
access  point. You  want  to  get  the 
coverage  as  dense  as  you  can  but 
avoid  overlap. 

Microwaves  are  an  issue.  We  have 
microwave  ovens  in  little  kitchens 
in  some  departments. You  have  to 
make  sure  that’s  taken  into  account. 

One  of  the  biggest  things,  though, 
that  we  had  to  worry  about  is  secu¬ 
rity  Once  wireless  is  pervasive,  how 
do  we  make  sure  that  university  re¬ 
sources  are  not  being  used  by 
someone  who  is  not  eligible?  The 
solution  that  we  settled  on  is  a  set  of 
VPN  servers.To  access  our  network, 
you  have  to  provide  your  university 
credentials.You  have  to  use  your 
network  ID  and  password  to  authen¬ 
ticate  to  the  VPNs,  and  then  you  are 
assigned  a  routable  address. 


Did  you  have  any  pushback 
from  users  about  needing  to  log 
on  and  type  in  a  password  to 
get  wireless  access  when  they 
don’t  have  to  do  that  for  wired 
access? 

No. The  wireless  network  was  new 
to  many,  many  users,  and  authenti¬ 
cation  came  with  it. We  used  their 
university  credentials,  so  they  didn’t 
have  to  memorize  another  user 
name  and  password.  I  think  we’re 
going  to  start  getting  a  bit  more 
pushback  when  we  start  doing 
authentication  with  the  wired  net¬ 
work,  because  people  are  used  to 
not  having  to  do  that  process. 

How  do  you  handle  guest  users 
on  the  wireless  network? 

If  a  visiting  scholar  comes  to  a 
particular  department  for  a  few 
days,  we  can  issue  an  Indiana  Uni¬ 
versity  credential.  We  call  them 
affiliate  accounts.  We  built  a  system 
for  issuing  and  tracking  affiliate 


accounts.  It  was  based  on  our 
VPN  servers.  What  we  discov¬ 
ered  is  that  VPN-over-VPN  con¬ 
nections  don’t  work.  When  we 
were  authenticating  our  guest 
credentials  with  our  VPNs,  and 
the  guests  needed  to  access 
their  VPNs  at  their  home  orga¬ 
nizations,  they  were  establish¬ 
ing  another  VPN  connection 
on  top  of  our  VPN  connection, 
and  that  was  bad  news.  So  we 
are  rolling  out  a  different 
authentication  scheme  for 
guest  users.  We  are  using  HP 
740  Access  Control  Servers, 
and  we  are  authenticating 
using  RADIUS-based  credentials 
instead  of  VPNs. 

What  have  been  the  biggest 
benefits  of  the  wireless  rollout? 

Wireless  made  us  rethink  some 
security  issues,  for  example,  the 
guest  credentialing  scheme  and  the 
new  user  authentication  scheme. 
We  knew  we  needed  these 
schemes  for  wireless,  and  then  that 
smoothed  the  process  for  rolling 
them  out  on  the  wired  network. 

A  few  years  back,  there  was  a 
major  university  that  announced  it 
was  the  first  to  cover  its  campus 
with  ubiquitous  wireless.  But  the 
university  had  no  protection  on  its 
wireless  network. 

Once  it  made  that  announce¬ 
ment,  it  ended  up  offering  half  the 
community  free  Internet  access.  We 
knew  we  weren’t  going  to  do  wire¬ 
less  like  that.That’s  why  we  rolled 
out  our  VPN  simultaneously  with 
our  wireless  access.  ■ 


Getting  personal: 


Name: 

Mark  Bruhn 

Titles: 

Acting  associate  vice  president  for  telecommunications  and  chief  IT  security 
and  policy  officer. 

Organization: 

Indiana  University 

Responsibilities: 

Maintain,  operate  and  secure  the  network  infrastructure  and  key  network 
applications  including  data,  video  and  voice  services. 

Annual  network 
budget: 

$10  million  for  e-mail,  video  and  other  data  applications;  $17  million  for 
voice  services. 

Staff  size: 

115 

Previous  jobs: 

Bruhn  has  been  at  Indiana  University  since  1985,  serving  as  IT  policy  officer, 
disaster-recovery  project  leader,  deputy  director  of  the  computer  security 
office  and  information  security  officer  Previously,  he  was  in  the  U.8.  Air  Force. 

Education: 

Bruhn  holds  a  bachelor  of  science  degree  in  computer  science  from  Park 
College  and  CISSP  and  CI8M  certifications. 

The  things  you  won’t  find  in  print 

Read  an  expanded  version  of  the  interview.  DocFincter  9921 
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king  charge 

Tips  and  tricks  for  tackling  your  responsibilities  as  a  manager  of  people,  projects  and  vendors. 


BY  AMY  SCHURR 

S  IF  KEEPING  THE  NETWORK  AND  SYSTEMS  HUMMING 
along  isn’t  enough  to  handle,  IT  leaders  also  must  manage  staff, 
negotiate  with  vendors,  oversee  projects  and  deal  with  whatever 
else  is  thrown  at  them. 

Here  are  some  tips  from  IT  execu¬ 
tives  and  management  experts  for 
keeping  employees  skilled  and  satis¬ 
fied,  striking  deals  with  vendors  and 
service  providers,  and  guiding  roll¬ 
outs  big  and  small. 

Staff  management 

Todays  IT  leaders  are  charged  with 
managing  a  virtual  network  of  re¬ 
sources, says  Mike  Czinege,  CIO  of 
Applebee’s  International  of  Overland 
Park,  Kan.  For  example,  Czinege’s  virtu¬ 
al  workforce  includes  about  90  inter¬ 
nal  part-time  and  full-time  IT  employ¬ 
ees,  independent  contractors,  offshore 
technologists  and  software  vendor 
consultants. 

He  says  that  today’s  IT  executives 
aren’t  evaluated  solely  on  whether 
they  get  their  projects  done. “They’re 
evaluated  on  how  well  they  under¬ 
stand  the  skill  sets,  what  skill  sets  they 
have,  and  how  to  look  outside  and 
find  the  skill  sets  they  need,  anywhere, 
at  any  time,  and  at  the  right  cost.” 

Czinege  stresses  that  IT  leaders  must 
be  clear  about  their  strategic  sourcing 
objectives  and  continually  develop  employees, 
putting  an  equal  amount  of  responsibility  for 
career  development  on  workers.“Allow  them  to 
work  with  you  to  develop  a  plan  to  enhance 
their  career  opportunities  internally  and  the  real¬ 
ity  is  externally,  too,”  he  recommends. 

As  for  your  own  skills,  continue  to  hone  your 
business  sawy.“Don’t  underestimate  the  power 
and  influence  of  the  change  in  requirements  for 
deeper  business  insight  and  understanding,” says 
Diane  Morello.a  vice  president  for  Gartner.“C10s 
and  their  IT  managers  need  to  understand  that 
this  change  is  real,  it’s  coming,  and  if  managers 
themselves  don’t  believe  it’s  happening  they  put 
their  organization  and  themselves  at  risk.” 

Vendor  negotiation 

When  it’s  time  to  sign  on  the  dotted  line, 


make  sure  the  contract  gives  your  business 
flexibility. This  is  especially  true  of  voice  and 
data  deals  in  a  time  of  carrier  consolidation 
and  emerging  services. 

“We  have  seen  so  many  instances  where  cus¬ 
tomers  have  been  relegated  to  making  network 
decisions  based  on  their  contract  terms  and  con¬ 
ditions  as  opposed  to  supporting  business  objec¬ 
tives,”  says  Dave  Muller, COO  ofTelwares,aVercuity 
company  specializing  in  telecom  procurement 
and  contract  negotiations  in  Destin,Fla. 

Telwares  recommends  setting  your  overall 
contract  commitment  at  65%  or  less  of  your 
expected  telecom  expenses.  If  you  intend  to  pur¬ 
chase  $5  million  in  services  from  a  carrier  over 
the  next  three  years,  for  instance,  negotiate  an 
overall  commitment  of  $3.25  million  or  less. 

“The  carrier  will  be  continuously  in  a  position 


of  potentially  losing  35%  of  its  customer  revenue 
base.  I  can  think  of  no  better  way  to  ensure  your 
carrier  maintains  its  value  as  a  vendor  to  your 
company  Muller  explains.  Along  with  leverage, 
you’ll  gain  flexibility  to  switch  traffic  to  another 
carrier  if  necessary 

Jim  Medeiros,  vice  president  of  IS  for  United 
Parcel  Service  (UPS)  in  Atlanta,  adds, 
“You  need  to  be  vigilant  about  separat¬ 
ing  what  your  organization  needs  from 
what  the  vendor  wishes  to  sell  to  you.” 

For  example,  when  UPS  recently 
completed  a  major  software  contract, 
the  vendor  wanted  to  throw  in  prod¬ 
ucts  that  had  questionable  cost  bene¬ 
fit.  Senior  management  from  both 
companies  had  to  get  involved  to  dif¬ 
ferentiate  the  products  UPS  could  justi¬ 
fy  negotiate  a  unique  contract  that  the 
vendor’s  local  sales  team  wasn’t  em¬ 
powered  to  offer  and  agree  to  a  time¬ 
line  for  the  deal. 

Project  management 

If  you  don’t  have  a  big  backer  for  an 
IT  project,  don’t  bother,  according  to 
Gopal  Kapur,  president  of  the  Center 
for  Project  Management  in  San 
Ramon,  Calif. The  sponsor  should  be  at 
the  executive  level  and  have  the  requi¬ 
site  authority  and  resources.“Without 
the  guidance,  leadership,  commitment 
and  authority  of  a  skilled  sponsor,  pro¬ 
ject  success  will  continue  to  be  a  shot 
in  the  dark.The  chances  of  project 
success  are  close  to  nil,”  he  says. 

Kapur  cites  Cedars-Sinai  Medical  Center’s  infa¬ 
mous  $34  million  computerized  physician  order- 
entry  system,  which  was  scuttled  just  three 
months  after  rollout. The  reason  was  a  lack  of 
high-level  medical  professional  sponsorship. 

Once  you  have  senior  management’s  blessing, 
strike  while  the  iron  is  hot,  advises  Kevin  Lopez, 
the  national  telecom  manager  who  spearheaded 
accounting  firm  Grant  Thornton’s  VoIP  rollout  of 
Avaya  S8700  PBXs  last  year. 

“Always  stay  nimble  and  ready  to  move,  gather 
all  the  information  required,  communicate  and 
just  do  it,”  Lopez  recommends. These  practices 
helped  him  handle  the  rollout  of  Modular  Mess¬ 
aging  to  4,000  people  in  one  weekend  without 
any  major  problems.  He  and  three  colleagues 
fielded  all  the  help  desk  calls  the  following  Mon¬ 
day  and  handled  any  other  issues  that  arose.  ■ 


If  you  don't  have  C-level  backing  for  an  IT  project ‘  don't  even  attempt  it. 


maybe  it's  time 
you  look  at 

AdaptiveKVM” 

When  servers  are  down  or  inaccessible,  you  need 
fast  and  reliable  out-of-band  access  and  control. 

Cyclades  AdaptiveKVM™  (patent  pending)  is  the  industry’s  first 
integrated  solution  that  combines  KVM  over  IP  and  Microsoft® 
Remote  Desktop  Protocol  (RDP)  technology  in  a  single 
appliance.  By  using  KVM  over  IP  combined  with  RDP, 
AdaptiveKVM  provides  continuous  access  for  remote  server 
management 


Next-Generation  KVM  Solution 


iffiBOili 
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AlterPath™  KVM/netPlus 


Download  a  FREE  White  Paper  on  AdaptiveKVM 

www.cyclades.com/akvm 


I 


wwnAf.cyclades.com/nw 

1.888. cyclades  •  sales@cyclades.com 
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Increase  your  data  center  availability 

...with  APC  Rack  Power  Distribution 


Avoid  overloading  circuits 

Monitor  the  current  draw  as  you  install  equipment 

Protect  circuit  from  unauthorized  use 

Turn  outlets  off  when  not  in  use 

Avoid  in-rush  current  overload 

Outlets  are  turned  on  sequentially 

Manage  power  via  Network  Interfaces 

Built-in  Web,  SNMP,  Telnet  support 


Power  Distribution  Units 

•  Basic:  Vertically  and  horizontally  mounting  with  a 
range  of  amps  and  voltages 

•  Metered:  Ability  to  monitor  the  current  draw  and 
set  alarm  thresholds  that  when  exceeded,  provide 
both  visual  and  audible  alarms 

•  Switched:  Advanced,  remote  power  distribution 
and  control.  User  configurable.  Users  can  configure 
the  sequence  in  which  power  is  provided  to 
individual  receptacles  upon  start  up. 


APC's  advanced  power  distribution  units 
distribute,  monitor  and  remotely  control 
power  in  rack  enclosures. 

Now  you  can  remotely  control  power  to 
individual  outlets  and  monitor  aggregate 
power  consumption  via  local  and  remote 
displays.  Access,  configure  and  control  the 
APC  Switched  Rack  PDU  through  Web, 
SNMP  orTelnet  interfaces. 

From  basic  power  distribution  to  controllable 
outlets,  APC  has  solutions  up  to  14.4  kW 
to  fit  your  IT  environment  needs.  See  our 
entire  line  of  rack  PDUs  online  at  www.apc. 
com. 


Every  product  carrying  this  mark  has  been 
tested  and  certified  for  use  with  InfraStruXure™ 
architecture.  Before  you  buy,  check  for  the  X  to 
guarantee  product  compatibility. 


Enter  to  WIN  a  FREE  APC  Rack  PDU  today. 

Visit  http://promo.apc.com  Key  Code  f898x  •  Call  888-289-APCC  xB795  •  Fax  401-788-2797 


With  over  15  million 
satisfied  customers, 

TWI 

APC's  Legendary  Reliability 
guarantees  peace  of  mind. 


Legendary  Reliability® 


©2005  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  1 32  Fairgrounds  Road,  West  Kingston.  Rl  02892  USA 
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SERVERS  WITHIN 
FROM  ANY 


REACH 
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LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


UltraMatrix™  ■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 

E-series  2  -  4  KVM  STATIONS  TO  1 ,000s  OF  COMPUTERS 

KVM  SWITCH  •  PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

•  On-screen  menu  informs  you  of  connection  status  between  units 
in  an  expanded  system 

•  Powerful,  expandable,  low  cost 

•  No  need  to  power  down  most  servers  to  install 

I*  Security  features  prevent  unauthorized  access 

•  Free  lifetime  upgrade  of  firmware 

J  •  Video  resolution  up  to  1600  x  1280 

^  -  •  Available  in  several  models 

•  Easy  to  expand 

The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 

4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


.*•.  "The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
v  provides  acomprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 

RackVIews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
J#."'  server  rooms  and  multiple  computers. 

.  ‘  y.  ’ 

.  •»  The  R.irkViPvv  ic  a  rar k  mnunfahlp  KVM  rnncnlp  npatlv  fitfprl  in  a  rnmnarf  nnll- 


.  T^e  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 


v>  fadtfle  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


RackView 

Fold-Forward 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 

Keyboard 
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Cl  Travel  Manages  VoIP  Traffic  With  Observer 


High  phone  bills  were  eating  up 
Cl  Travel's  profits.  Because  reducing 
call  volume  really  wasn't  an  option, 
Cl  Travel's  IT  Director,  Paul  Ingram, 
decided  to  take  advantage  of  Voice 
over  Internet  Protocol  (VoIP)  technology 
to  reduce  per-call  expenses.  The  new 
VoIP  phones,  while  dramatically 
reducing  per-call  costs,  came  with  a 
new  set  of  problems.  To  make  the 
investment  in  VoIP  technology  really 
pay  off,  Ingram  chose  Network 
Instruments'®  Observer®  to  successfully 
troubleshoot  the  VoIP  exchange. 

Currently,  there  are  175  VoIP 
phones  deployed  at  Cl  Travel's  49 
offices  around  the  world.  Next  year, 
he  expects  there  to  be  about  300  VoIP 
phones  deployed-one  VoIP  phone 
per  employee.  Because  much  of  the 
company's  business  is  conducted 
over  phone  lines,  Ingram  has  to  be 
certain  that  VoIP  users  are  getting  the 
best  quality  of  service  attainable. 

"Bad  voice  quality  makes  people 
turn  to  the  standard  phone  system, 


which  could  quickly  eliminate  any 
savings  we  were  intending  to  realize 
with  VoIP,"  Ingram  said.  "The 
company  depends  heavily  on  phone 


Sniffer  when  it  comes  to  VoIP,  but  I 
am  not  comfortable  using  a  product 
without  any  guarantee  of  technical  or 
service  support.  Observer,  on  the 


“So  far,  Observer’s  VoIP  capabilities 
has  helped  cut  Cl  Travel's  phone  bill 
by  about  25  to  30  percent.” 


communication  to  service  customers; 
calls  are  going  to  be  made  with 
the  most  reliable  phone,  no  matter 
the  cost." 

After  Ingram  purchased  VoIP  phones 


the 


users 


started 


ex 


aeriencing  VoIP 


Observer  Suite, 
aehind  on  VoIP 


issues.  He  researched  three  products: 
Sniffer®,  Ethereal,  anc 
"Sniffer  is  really 
features,"  he  said."  It  can't  even  record 
voice  packets  for  audio  playback. 
Ethereal  (an  open-source  "free"  product) 
is  actually  more  advanced  than 


Paul  Ingram,  Cl  Travel 

other  hand,  was  even  better  than 
Ethereal,  and  includes  a  higher  level 
of  support  than  either  of  them. 
Overall,  I  found  Observer  to  be  the 
best  value." 

Ingram  purchased  Observer 
technology,  including  a  probe  he 
placed  on  the  WAN  backbone  to 
troubleshoot  VoIP.  In  one  case, 
Ingram  used  Observer  to  troubleshoot 
erratic  jitter  that  was  occurring 
between  his  office  and  another  office. 
He  couldn't  hear  the  problem  on  his 


Observer  is  the  only  fully  distributed  network  analyzer  built  to  monitor  the  entire  network  (LAN,  802.1 1  a/b/g.  Gigabit,  WAN). 
Download  a  free  Observer  11  demonstration  today.  Visit  www.networkinstruments.com/analyze  to  learn  more. 

US  &  Canada  toll  free  800-526-5958  fax  952-358-3801  UK  &  Europe  +44(0)1959  569880 


end  so  he  ran  a  packet  capture  and 
played  it  back  to  hear  the  problem. 
Not  only  did  Observer  help  him 
verify  that  there  was  a  prob  em,  it 
also  lead  him  to  the  so  ution. 
A  packet  capture  identified  a 
misconfigured  application  that  was 
hogging  bandwidth  and  causing 
a  general  network  slowdown. 

"Armed  with  the  information 
provided  by  Observer,  I  was  able 
to  reconfigure  the  misbehaving 
application,"  Ingram  said.  "I  also 
defined  a  QoS  policy  on  the  switch  to 
give  VoIP  traffic  the  highest  priority, 
tnereby  preventing  other  applications 
from  compromising  VoIP  reliability." 

As  long  as  VoIP  traffic  has  priority  on 
the  network,  communication  problems 
are  minimized,  allowing  Cl  Travel  to 
maintain  its  independence  from  the 
traditional  phone  system. 

"So  far,  Observer's  VoIP  capabilities 
has  helped  cut  Cl  Travel's  pnone  bill 
by  about  25  to  30  percent,"  Ingram  said. 
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How  Do  You  Distribute 
Power  in  Your  Data 
Center  Cabinet? 


With  Sentry! 

CDU  Product  Family;  Metered,  Smart  &  Switched 

The  Sentry  CDU  distributes  power  for  Blade  servers  or  up  to  42  dual 
power  1U  servers  in  one  enclosure.  Single  or  3-phase  input  with 
110VAC,208VAC  or  mixed  110/208VAC  single-phase  outlet  receptacles. 


Metered  CDU 

>  Local  input  Current  Monitoring 
Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Server  Technology 
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R-no.  f  IV  89S71  -  USA  f.i*  *  1 77S  ?R1  2065 
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Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
—  On  /  Off  /  Reboot 


@Digilicint 

-  NO  EXCUSE  NO  COMPROMISE  - 


Digiliant’s  Network  Attached  Storage  and  iSCSI  appliances 
provide  your  business  a  more  efficient  and  economical  way 
for  data  storage.  Up  to  20TB  starting  at  $1,099. 


1U  NAS 


Starting  at  $2,299 


Data  Capacity  from  320GB  to  2TB 
SATA  Hard  Drives  with  NCQ 
Broadcom  4452  4-Port  Raid  Controller. 
Dual  Gigabit  Network  Card 
Intel  Celeron  2.8GHz  up  to  P4  3.2GHz 


2U  NAS 


Starting  at  $3,699 


•  Data  Capacity  from  640GB  to  4TB 

•  SATA  Hard  Drives  with  NCQ 

•  3Ware  9550SX  8-Port  Raid  Controller 

•  Dual  Gigabit  Network  Card 

•  Intel  Xeon  2.8GHz  up  to  3.2GHz 


•  Data  Capacity  from  3.2TB  to  20TB 

•  SATA  Hard  Drives  with  NCQ 

•  3Ware  Raid  Controllers 

•  Dual  Gigabit  Network  Card 

•  Dual  Intel  Xeon  2.8GHz  up  to  3.2GHz 


Starting  at  $12,899 
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Features  C  Benefits 


eking  Over  Ethernet 

Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


•  Interactive  Telnet  Client 


*  TCP/IP  over  10/IOOBaseT  Ethernet 


Built-in  Barcode  Badge  Reader 

Optional  Mag-Stripe  &  RFID  Badge  Reader 

Auxiliary  RS-232  Serial  port 

Customizable  Data  Collection 

Program  Included 

Larger  keyboard  and 

display  sizes  available 


COMIHTKIflMSL 

Gall  t-800-255-3739  or  visit  www.computorwlse.com 


SENSAPHONE 


IMS-aDDO 
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Dealers  Wanted 


Monitoring 


Control 

Interface 


Port 


Modem 
fit  Pager  Port 


( Itmperulure,  Humidity. 
Wain,  Motion,  Power, 

S  moke/Fve) 

Expandable 


Monitor  the  REST  of  your  Computer  Room! 


Water  on  the  Floor 

Temperature 

Power  Problems 

Security 

Smoke  and  Fire 

Humidity 

Video 

And  much  more 


Sends  Monitors  Embedded 

SNMP  64  Web 

Messages  IP  addresses  Server 


Power 

Outage 


Internal 

UPS 


SENSAPHONE 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  /iTAPs 


I 

i 


i 

i 


Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  r?TAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 


"1 

to 

Ethernet  Copper  nTAP 

for  copper-to-copper  connections 
Choose  your  speed: 

m 

10/100 . 

$395 

!  10/100/1000 . 

. $995 

_ A 

10/100/1000  Conversion  /iTAP 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 


SX . $1,495 

LX . $1,495 

a 


Optical  Fiber  nTAP 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

$395 

Four  channel . 

$1,795 

Six  channel . 

$2,395 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  foi  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET-nTAP  today. 

Free  overnight  delivery* 


F€  cc 


‘lift  ovemighl  delivery  on  oil  U  S.  orders  over  $300.00  confirmed  before  12  pm  CST. 

attP  and  Vie  attf  tofo  m  Vaimadts « rtgeteftti  badmuifcs  of  Network  instruments,  UC 


(  *TAPM 


Looking  ahead  to  your  next 
network  project? 

Need  information  now? 

Check  out  VENDOR  SOLUTIONS  for  the  most 
comprehensive  information  on  network  IT  products 
and  solutions  for  your  business  including: 

►White  Papers 
►Special  Reports 
►Partner  Sites 
►Webcasts 

►  Marketplace  Product  Finder 
Visit  www.networkworld.coin/vendorsolutions  today. 
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BACKSPIN 


Mark  Gibbs 


eeing  as  how  Thanks¬ 
giving  has  just  shot 
past  and  your  nomi¬ 
nations  for  the  Golden 
Turkey  Awards  are  still 

flooding  in  (make  sure  you  vote  at  www.networkworld. 
com,  DocFinder  9966),  it  may  be  a  good  time  to  consider 
what  we  are  thankful  for.  So  in  my  role  as  the  Rev.  Gibbs  of 
the  Church  of  IT,  I  will  lead  us  in  prayer: 

Our  network  technologies  which  art  in  the  enterprise  as 
well  as  in  the  home,  hallowed  be  thy  implementation. Thy 
features  come.Thy  operation  be  done  in  the  real  world  as 
they  were  done  in  the  brochure.  Give  us  this  day  our  prod¬ 
ucts  ROI.  Forgive  us  for  not  reading  the  manual,  as  we  for¬ 
give  those  who  made  it  unreadable  anyway  Lead  us  not 
into  desperation  but  deliver  us  from  the  support  line.  For 
thine  is  the  information,  the  data  and  the  metadata,  at 
least  until  lunch  time.  Our  network. 

We  are  thankful  that  Sony  is  about  to  get  smacked 
around  in  the  courts  for  its  arrogant  acts  and  behavior 
(see  BackSpin  and  Gibbsblog).  Had  it  got  away  with  its 
nefarious  plans,  the  door  would  have  been  opened  for  the 
Motion  Picture  Association  of  America  and  the  Recording 
Industry  Association  of  America  to  act  in  similarly  aggres¬ 
sive  and  restrictive  ways.  Given  that  these  groups  have  a 
number  of  politicians  in  their  pockets,  we  can  all  feel 


IT  things  to  be  thankful  for  . 

Si 


thankful  that  the  public  got  this  technology  issue  and 
responded  appropriately 

We  are  thankful  that  VoIP  is  inexpensive,  because  if  we 
were  paying  much  more  than  the  rip-off  would  be  really 
distressing.  Following  my  recent  BackSpin  columns  on  the 
topic  of  consumer-grade  VoIP  I  had  a  lot  of  feedback  and 
the  readers  had  remarkably  different  experiences: Those 
on  cable  seemed  generally  happy  and  those  on  DSL 
seemed  mostly  unhappy 

The  theory  that  you  can  improve  the  experience  by  get¬ 
ting  VoIP  from  your  DSL  provider  apparently  doesn’t  hold 
water.  Reader  Walt  Tetschner  wrote, “I’ve  used  Verizon 
VoiceWing  ...  for  the  last  seven  months.  My  conclusion  is 
that  VoIP  is  an  absolute  fraud!”  See  Gibbsblog  for  more  on 
Tetschner’s  comments.  I  will  most  likely  switch  back  to 
plain  old  telephone  service  until  reliable  consumer-grade 
VoIP  appears,  because  I  need  to  keep  my  wife  happy  and 
she  is  now  not  happy  with  Vonage. 

We  are  thankful  to  discover  that  the  wretched  Digital 
Millennium  Copyright  Act  (DMCA)  is  flawed.  A  summary 
report  from  the  University  of  Southern  California  Law 
School’s  Intellectual  Property  Legal  Clinic  and  the  Uni¬ 
versity  of  California,  Berkeley’s  Boalt  Hall  examined  more 
than  900  take-down  notices  (formal  cease-and-desist  re¬ 
quests  from  copyright  holders)  sent  to  ISPs  and  search 
engines.They  found  that  a  significant  percentage  were  not 


clear  DMCA  violations  or  clearly  illegal.  If  there  was  ever 
proof  that  the  DMCA  is  flawed,  abused  and  a  bad  piece  of 
legislation,  this  report  is  it.  We  will  be  thankful  when  the 
DMCA  is  overhauled. 

We  are  thankful  that  the  video  iPod  has  finally  been 
launched  so  that  we  don’t  have  to  hear  any  more  theoriz¬ 
ing  about  an  iFbd  that  does  video. 

We  are  thankful  thatTiVo  exists  because  we  spend  way 
too  much  time  in  front  of  the  PC  and  without  it  we’d  usu¬ 
ally  miss  “The  Daily  Show” 

We  are  thankful  that  open  source  is  starting  to  get  the 
attention  it  deserves.  Another  few  hundred  years  and  we 
will  all  be  wondering  why  we  ever  had  to  buy  proprietary 
operating  systems  and  applications. 

We  are  thankful  that  Microsoft  is  a  little  nearer  to  the 
release  of  Windows  Vista  because  we  know  the  innumer¬ 
able  bugs,  gotchas  and  other  problems  involved  in  migrat¬ 
ing  to  this  new  operating  system  will  assure  the  IT  indus¬ 
try  a  few  more  years  of  steady  employment. 

It  is  for  these  and  the  many  other  blessings  of  our 
industry  that  we  give  thanks.  At  least  until  next 
Monday. 

What  are  you  thankful  for?  Tell  backspin@gibbs.com  and 
check  Gibbsblog  (www.networkworld.com/weblogs/gibbs 
blog/). 


ETBUZZ 


News,  insights  and  oddities 


There’s  just  no  figuring  out  that  Internet 


Paul  McNamara 


Now  the  Internet  is  slowing  down  snail  mail? 

Heaven  knows  the  'Net  gets  blamed  for  everything 
this  side  of  teenage  acne,  but  this  time  the  charge 
appears  to  carry  considerable  weight  —  both  figuratively  and  literally.  What  makes 
the  revelation  particularly  interesting  is  that  it  is  a  sterling  example  of  conventional 
wisdom  proving  to  be  more  conventional  than  wise  when  applied  to  the  Internet. 
(You’ll  have  a  chance  to  offer  your  own  examples  later.) 

It  wasn't  long  ago  that  the  emergence  of  e-commerce  was  seen  by  most  as  the 
beginning  of  the  end  for  the  mail-order  catalog.  No  need  to  keep  killing  all  those 
trees  once  everyone  gets  in  the  habit  of  ordering  everything  they  need  and  want 
online.  If  I  didn't  write  that  myself,  I  certainly  bought  into  the  idea.  It  was  just  stone- 
cold  obvious. 

Seems  most  everyone  was  wrong.  Not  only  has  the  'Net  not  deep-sixed  those  cat¬ 
alogs,  it  has  given  the  once  moribund  medium  new  life.The  catalogs  are  driving 
more  traffic  online  . . .  and  more  traffic  online  is  motivating  retailers  to  mail  out 

more  catalogs. 

Ask  any  mail  carrier.  OneTV  news  report  mentioned  that  the  catalog  load  has  so 
weighed  down  some  letter- luggers  that  routes  are  taking  as  much  as  an  hour  longer 

than  usual  to  complete. 

The  raw  numbers  are  staggering.  According  to  the  Direct  Marketing  Association, 
18.1  billion  mail-order  catalogs  were  delivered  to  U.S.  households  in  2004,  an 
increase  of  1.5  billion  over  2002.  It  may  surprise  some  of  you  to  learn  that  of  that 
extra  1.5  billion,  approximately  half  were  delivered  to  my  house. 

Journalists  are  cautioned  not  to  draw  sweeping  conclusions  from  their  own  nar¬ 
row  experiences,  but  I’m  going  to  laugh  at  caution  here. This  catalog  avalanche  is 
indeed  moving  on  down  the  mountain  —  and  it's  the  fault,  if  you  will,  of  online 
shoppers. 

Mrs.  Buzz  does  an  inordinate  amount  of  our  household  shopping  online  (as  would 


you  if  your  alternative  was  chasing  4-year-old  triplets  through  the  local  mall).  In  fact, 
the  UPS  guy  shows  up  at  our  door  so  often  I  felt  obliged  to  invite  him  to 
Thanksgiving  dinner  —  the  kids  figure  he's  just  another  uncle  anyway. 

And  the  catalogs?  Don’t  you  dare  call  them  “junk  mail”  within  earshot  of  my  wife. 
They  are  her  sports  section  . . .  and  who  am  I  to  judge?The  numbers  of  catalogs 
seem  not  so  remarkable  as  they  hit  the  mailbox  three,  four,  five  at  a  shot.  No,  where 
the  sheer  volume  becomes  most  noticeable  is  at  their  designated  collection  depot,  a 
corner  of  our  bedroom  floor.  Let’s  just  say  I  hope  the  guy  who  built  our  house  didn’t 
skimp  on  the  joists. 

E-commerce  will  kill  the  catalog  industry?  Right,  nice  call. 

So  what  else  have  we  all  —  notice  the  blame-sharing  here  —  been  dead  wrong 
about  when  predicting  the  future  impact  of  emerging  technology? 

How  about  cars?  First  time  I  heard  an  expert  expound  on  the  “brutally  efficient  mar¬ 
kets”  that  would  spring  up  around  online  car  shopping,  it  sounded  like  a  slam-dunk  — 
and  very  bad  news  for  the  profit  margins  of  those  who  sell  cars.That  was  six  or  seven 
years  ago  —  and  the  majority  of  us  are  still  kicking  tires.  (For  an  academic  view  of  why 
that  is,  check  out  this  previous  'Net  Buzz  column  at  www.networkworld.com, 

DocFinder:  9949.) 

Or  consider  the  end  of  business  travel:  It’s  been  right  around  the  corner  for  as  long 
as  the  golden  age  of  videoconferencing  has  been  right  around  the  corner.That’s  a 
long,  long  time. 

The  federal  government's  Do  Not  Call  list  was  absolutely,  positively  going  to  mean 
curtains  for  the  telemarketing  industry  —  except  that  it  didn’t. 

Now  it’s  your  turn.  What  is  your  favorite  example  of  conventional  wisdom  proving 
all  out  of  whack? 

Send  your  nominations  to  buzz@nww.com  or  post  them  online  in  our  forum  at 
DocFinder:  9968.  The  full  ’Net  Buzz  archive  can  be  found  at  DocFinder:  1031. 


WE  EAT  WORMS 


FOR  MONEY. 


Seriously. 

You  have  enough  on  your  plate  already. 

Yet  e-mail  security  keeps  getting 
more  out  of  control.  Worms,  spam,  user 
licensing,  viruses,  spyware,  pornography, 
malware,  updating.  It’s  an  expensive  and 
endless  headache.  And  the  stakes  get 
higher  every  day.  Today,  8  out  of  10 
businesses  get  hit.'  And  e-mail  viruses 
alone  are  responsible  for  more  than  $10 
billion  in  lost  productivity.2 

It’s  time  this  problem  got  solved.  Not 
just  for  big  businesses,  but  for  any  size 
business.  Not  just  for  this  platform  or  that. 
And  not  by  making  already  overworked 
IT  people  run  CDs  from  PC  to  PC  during 
virus  frenzies.  It’s  time  for  something  new. 

Its  time  for  e-mail  security  as  a  service. 

Getting  e-mail  security  from  IBM  is 
now  about  as  easy  as  getting  cable  TV.  You 
call  IBM  or  sign  up  on  the  Web,  and  IBM 


does  the  rest.  It’s  that  simple. 

Starting  at  $1.80  per  e-mail  address, 
per  month,  the  IBM  Express  e-mail 
security  service  filters  out  spam  and 
intercepts  viruses,  pornography  and 
malware  before  they  ever  get  to  your 
network.  And,  because  it’s  a  service,  you 
don’t  have  to  buy,  upgrade  or  manage  any 
software  or  hardware. 

Security  goes  from  chronic  fear  to 
IBM-grade  reassurance.  Licensing  and 
upgrades  become  a  thing  of  the  past.  So 
do  unplanned  costs.  Three  less  things 
to  worry  about.  Just  like  that.  For  any 
size  company. 

Soon,  everyone  will  buy  security  as  a 
service.  To  help  you  get  there,  you  can  try 
IBM  Express  e-mail  security  service  at  no 
charge  for  30  days.* 

To  learn  more,  call  1-866-672-9354  or 
visit  ibm.com/ljusinesscenter/securitv26 


30  DAY  TRIAL.  CALL  1-866-672-9354 
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The  threat  you  need  to  see  coming 
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The  Answer:  Proven  security. 


Vulnerability  Management 
Intrusion  Prevention 
E-Mail  &  Web  Security 
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Anti-Spam 

Anti-Spyware 
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Anti-Virus 
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Zero-day  threats.  Modified  threats.  Encrypted  attacks.  With  McAfee®,  you’re  protected.  Our  comprehensive 
security  solutions  with  integrated  intrusion  prevention  technology  proactively  protect  your  systems  and 
networks.  And  our  proven  approach  blocked  or  contained  100%  of  the  top  attacks  in  2004.  Backed  by  more 
than  15  years  of  experience  protecting  and  supporting  our  customers,  McAfee’s  software,  hardware,  and 
services  are  a  proven  way  to  secure  your  business.  Learn  more  at  www.mcafee.com/enterprise 


Proven  Security ~ 
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